CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede brainstorm Nybegynder
11. juni 2006 - 23:57 Der er 21 kommentarer og
1 løsning

- Hjælp til rensning af computer, log filer fra Drweb, Ewido og H

Hej, jeg håber på at jeg kan få samme gode hjælp, som jeg har set andre få her på siden til fjernelse af de sidst hårdnakkede viruses. Jeg har fulgt artikel/755 og kan fremvise nedenstående rapporter/log filer:

Fra DrWeb: (Alt fra Scan Statistcis!)
Scan statistics

Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00


[Scan path] C:\WINDOWS\System32\smss.exe
[Scan path] C:\WINDOWS\system32\csrss.exe
[Scan path] C:\WINDOWS\system32\winlogon.exe
[Scan path] C:\WINDOWS\system32\services.exe
[Scan path] C:\WINDOWS\system32\lsass.exe
[Scan path] C:\WINDOWS\system32\svchost.exe
[Scan path] C:\WINDOWS\explorer.exe
[Scan path] C:\Documents and Settings\Administrator\Skrivebord\drweb-cureit.exe
[Scan path] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX1\_start.exe
[Scan path] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX1\cureit.exe
[Scan path] C:\WINDOWS\SOUNDMAN.EXE
[Scan path] C:\WINDOWS\System32\RUNDLL32.EXE
[Scan path] C:\WINDOWS\System32\nwiz.exe
[Scan path] C:\WINDOWS\system32\NeroCheck.exe
[Scan path] C:\Programmer\ASUSTeK\ASUSDVD\PDVDServ.exe
[Scan path] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
[Scan path] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
[Scan path] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
[Scan path] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
[Scan path] C:\Programmer\Prevx1\PXConsole.exe
[Scan path] C:\Programmer\Ashampoo\Ashampoo AntiSpyWare\AntiSpyWareGuard.exe
[Scan path] C:\WINDOWS\System32\ctfmon.exe
[Scan path] C:\Programmer\Steam\Steam.exe
[Scan path] C:\Programmer\Messenger\MSMSGS.EXE
[Scan path] C:\PROGRA~1\Grisoft\AVG7\avgw.exe
[Scan path] C:\Documents and Settings\Administrator\Menuen Start\Programmer\Start\desktop.ini
[Scan path] C:\Programmer\OpenOffice.org 2.0\program\quickstart.exe
[Scan path] C:\Programmer\Xfire\Xfire.exe
[Scan path] C:\Programmer\Fælles filer\Adobe\Calibration\Adobe Gamma Loader.exe
[Scan path] C:\Programmer\Belkin\Bluetooth-Software\BTTray.exe
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\desktop.ini
[Scan path] C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
[Scan path] C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
[Scan path] C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
[Scan path] C:\Programmer\Microsoft Office\Office10\OSA.EXE
[Scan path] C:\Programmer\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
[Scan path] C:\Programmer\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
[Scan path] C:\Programmer\WinZip\WZQKPICK.EXE
[Scan path] C:\WINDOWS\System32\mmsys.cpl
[Scan path] C:\WINDOWS\System32\icmui.dll
[Scan path] C:\WINDOWS\System32\rshx32.dll
[Scan path] C:\WINDOWS\System32\docprop.dll
[Scan path] C:\WINDOWS\System32\ntshrui.dll
[Scan path] C:\WINDOWS\System32\themeui.dll
[Scan path] C:\WINDOWS\System32\deskadp.dll
[Scan path] C:\WINDOWS\System32\deskmon.dll
[Scan path] C:\WINDOWS\System32\dssec.dll
[Scan path] C:\WINDOWS\System32\SlayerXP.dll
[Scan path] C:\WINDOWS\System32\shscrap.dll
[Scan path] C:\WINDOWS\System32\diskcopy.dll
[Scan path] C:\WINDOWS\System32\ntlanui2.dll
[Scan path] C:\WINDOWS\System32\printui.dll
[Scan path] C:\WINDOWS\System32\dskquoui.dll
[Scan path] C:\WINDOWS\System32\syncui.dll
[Scan path] C:\WINDOWS\System32\fontext.dll
[Scan path] C:\WINDOWS\System32\deskperf.dll
[Scan path] C:\WINDOWS\system32\cryptext.dll
[Scan path] C:\WINDOWS\system32\NETSHELL.dll
[Scan path] C:\WINDOWS\System32\wiashext.dll
[Scan path] C:\WINDOWS\System32\remotepg.dll
[Scan path] C:\WINDOWS\System32\wuaucpl.cpl
[Scan path] C:\WINDOWS\System32\wshext.dll
[Scan path] C:\Programmer\Fælles filer\System\Ole DB\oledb32.dll
[Scan path] C:\WINDOWS\System32\mstask.dll
[Scan path] C:\WINDOWS\system32\shdocvw.dll
[Scan path] C:\WINDOWS\System32\shmedia.dll
[Scan path] C:\WINDOWS\System32\browseui.dll
[Scan path] C:\WINDOWS\System32\sendmail.dll
[Scan path] C:\WINDOWS\System32\occache.dll
[Scan path] C:\WINDOWS\System32\webcheck.dll
[Scan path] C:\WINDOWS\System32\appwiz.cpl
[Scan path] C:\WINDOWS\System32\shimgvw.dll
[Scan path] C:\WINDOWS\System32\netplwiz.dll
[Scan path] C:\WINDOWS\System32\zipfldr.dll
[Scan path] C:\WINDOWS\System32\msieftp.dll
[Scan path] C:\WINDOWS\System32\docprop2.dll
[Scan path] C:\WINDOWS\System32\dsquery.dll
[Scan path] C:\WINDOWS\System32\dsuiext.dll
[Scan path] C:\WINDOWS\System32\mydocs.dll
[Scan path] C:\WINDOWS\System32\cscui.dll
[Scan path] C:\WINDOWS\msagent\agentpsh.dll
[Scan path] C:\WINDOWS\System32\dfsshlex.dll
[Scan path] C:\WINDOWS\System32\photowiz.dll
[Scan path] C:\WINDOWS\System32\mmcshext.dll
[Scan path] C:\WINDOWS\System32\cabview.dll
[Scan path] C:\Programmer\Outlook Express\wabfind.dll
[Scan path] C:\WINDOWS\System32\wmpshell.dll
[Scan path] C:\WINDOWS\System32\cdfview.dll
[Scan path] C:\WINDOWS\System32\nvcpl.dll
[Scan path] C:\WINDOWS\System32\nvshell.dll
[Scan path] C:\Programmer\OpenOffice.org 2.0\program\shlxthdl.dll
[Scan path] C:\WINDOWS\System32\btneighborhood.dll
[Scan path] C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[Scan path] C:\PROGRA~1\FLLESF~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
[Scan path] C:\Programmer\Microsoft Office\Office10\OLKFSTUB.DLL
[Scan path] C:\Programmer\Microsoft Office\Office10\msohev.dll
[Scan path] C:\Programmer\Grisoft\AVG7\avgse.dll
[Scan path] C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
[Scan path] C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
[Scan path] C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
[Scan path] C:\WINDOWS\system32\SHELL32.dll
[Scan path] C:\WINDOWS\System32\stobject.dll
[Scan path] C:\WINDOWS\System32\crypt32.dll
[Scan path] C:\WINDOWS\System32\cryptnet.dll
[Scan path] C:\WINDOWS\System32\cscdll.dll
[Scan path] C:\WINDOWS\System32\wlnotify.dll
[Scan path] C:\WINDOWS\System32\sclgntfy.dll
[Scan path] C:\WINDOWS\System32\DRIVERS\ACPI.sys
[Scan path] C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
[Scan path] C:\WINDOWS\system32\drivers\aec.sys
[Scan path] C:\WINDOWS\System32\drivers\afd.sys
[Scan path] C:\WINDOWS\system32\drivers\ALCXSENS.SYS
[Scan path] C:\WINDOWS\system32\drivers\ALCXWDM.SYS
[Scan path] C:\WINDOWS\System32\alg.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\aliide.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\AmdK8.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\asyncmac.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\atapi.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\atmarpc.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\audstub.sys
[Scan path] C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
[Scan path] C:\WINDOWS\System32\Drivers\avg7core.sys
[Scan path] C:\WINDOWS\System32\Drivers\avg7rsw.sys
[Scan path] C:\WINDOWS\System32\Drivers\avg7rsxp.sys
[Scan path] C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
[Scan path] C:\WINDOWS\system32\drivers\btaudio.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\btport.sys
[Scan path] C:\WINDOWS\System32\drivers\btkrnl.sys
[Scan path] C:\Programmer\Belkin\Bluetooth-Software\bin\btwdins.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\btwdndis.sys
[Scan path] C:\WINDOWS\System32\Drivers\btwusb.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\CCDECODE.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\cdrom.sys
[Scan path] C:\WINDOWS\system32\cisvc.exe
[Scan path] C:\WINDOWS\system32\clipsrv.exe
[Scan path] C:\WINDOWS\System32\dllhost.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\disk.sys
[Scan path] C:\WINDOWS\System32\dmadmin.exe
[Scan path] C:\WINDOWS\System32\drivers\dmboot.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\dmio.sys
[Scan path] C:\WINDOWS\system32\drivers\DMusic.sys
[Scan path] C:\WINDOWS\system32\drivers\drmkaud.sys
[Scan path] C:\Programmer\ewido\security suite\ewidoctrl.exe
[Scan path] C:\Programmer\ewido\security suite\guard.sys
[Scan path] C:\Programmer\ewido\security suite\ewidoguard.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\fdc.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\flpydisk.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ftdisk.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\gameenum.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\msgpc.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\hidusb.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\HPZid412.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\HPZipr12.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\HPZius12.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\imapi.sys
[Scan path] C:\WINDOWS\System32\imapi.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ipinip.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ipnat.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ipsec.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\irenum.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\isapnp.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\kbdclass.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\kbdhid.sys
[Scan path] C:\WINDOWS\system32\drivers\kmixer.sys
[Scan path] C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
[Scan path] c:\progra~1\mcafee\mcafee antispyware\massrv.exe
[Scan path] c:\programmer\mcafee.com\agent\mcdetect.exe
[Scan path] c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
[Scan path] C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
[Scan path] C:\WINDOWS\System32\mnmsrvc.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\mouclass.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\mouhid.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\mrxdav.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
[Scan path] C:\WINDOWS\System32\msdtc.exe
[Scan path] C:\WINDOWS\System32\msiexec.exe
[Scan path] C:\WINDOWS\system32\drivers\MSKSSRV.sys
[Scan path] C:\WINDOWS\system32\drivers\MSPCLOCK.sys
[Scan path] C:\WINDOWS\system32\drivers\MSPQM.sys
[Scan path] C:\WINDOWS\system32\drivers\MSTEE.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\NdisIP.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ndistapi.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ndisuio.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ndiswan.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\netbios.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\netbt.sys
[Scan path] C:\WINDOWS\system32\netdde.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\nvcap.sys
[Scan path] C:\WINDOWS\System32\nvsvc32.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\NVxbar.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\parport.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\pci.sys
[Scan path] C:\WINDOWS\system32\drivers\pfc.sys
[Scan path] C:\WINDOWS\System32\HPZipm12.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\raspptp.sys
[Scan path] C:\Programmer\Prevx1\PXAgent.exe
[Scan path] C:\WINDOWS\system32\drivers\pxfsf.sys
[Scan path] C:\WINDOWS\system32\drivers\pxemu.sys
[Scan path] C:\WINDOWS\system32\drivers\pxtdi.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\processr.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\psched.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ptilink.sys
[Scan path] C:\WINDOWS\system32\drivers\pxrd.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\rasacd.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\raspppoe.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\raspti.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\rdbss.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\rdpdr.sys
[Scan path] C:\WINDOWS\system32\sessmgr.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\redbook.sys
[Scan path] C:\WINDOWS\System32\locator.exe
[Scan path] C:\WINDOWS\System32\rsvp.exe
[Scan path] C:\WINDOWS\System32\SCardSvr.exe
[Scan path] C:\WINDOWS\system32\drivers\scsiport.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\secdrv.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\serenum.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\serial.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\SLIP.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\sonypvs1.sys
[Scan path] C:\WINDOWS\system32\drivers\splitter.sys
[Scan path] C:\WINDOWS\system32\spoolsv.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\sr.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\srv.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\StreamIP.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\swenum.sys
[Scan path] C:\WINDOWS\system32\drivers\swmidi.sys
[Scan path] C:\WINDOWS\system32\drivers\sysaudio.sys
[Scan path] C:\WINDOWS\system32\smlogsvc.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\tcpip.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\termdd.sys
[Scan path] C:\WINDOWS\System32\tlntsvr.exe
[Scan path] C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\ULILAN51.SYS
[Scan path] C:\WINDOWS\System32\DRIVERS\agpkx.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\update.sys
[Scan path] C:\WINDOWS\System32\ups.exe
[Scan path] C:\WINDOWS\system32\drivers\usbaudio.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\usbccgp.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\usbehci.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\usbhub.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\usbohci.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\usbprint.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\usbscan.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
[Scan path] C:\WINDOWS\System32\drivers\vga.sys
[Scan path] C:\WINDOWS\System32\vssvc.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\wanarp.sys
[Scan path] C:\WINDOWS\system32\drivers\wdmaud.sys
[Scan path] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[Scan path] C:\WINDOWS\System32\drivers\ws2ifsl.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS
[Scan path] C:\Documents and Settings\Administrator\Menuen Start\Programmer\Start\OpenOffice.org 2.0.lnk
[Scan path] C:\Documents and Settings\Administrator\Menuen Start\Programmer\Start\Xfire.lnk
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Gamma Loader.lnk
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\BTTray.lnk
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\hp psc 1000 series.lnk
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\hpoddt01.exe.lnk
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\InterVideo WinCinema Manager.lnk
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Microsoft Office.lnk
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Picture Package Menu.lnk
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Picture Package VCD Maker.lnk
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\WinZip Quick Pick.lnk

Scan statistics

Objects scanned: 270
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 3097 Kb/s
Scan time: 00:00:22


[Scan path] C:\
C:\Documents and Settings\Administrator\NTUSER.DAT - read error
C:\Documents and Settings\Administrator\NTUSER~1.LOG - read error
C:\Documents and Settings\Administrator\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\Administrator\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
>C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\nbke.exe infected with Trojan.DownLoader.10139
>C:\System Volume Information\_restore{772A4622-7E89-41B6-8A0E-67F136A8A208}\RP88\A0004417.exe infected with Trojan.DownLoader.9496 - deleted
>C:\System Volume Information\_restore{772A4622-7E89-41B6-8A0E-67F136A8A208}\RP88\A0004419.exe infected with Trojan.DownLoader.10136 - deleted
C:\System Volume Information\_restore{772A4622-7E89-41B6-8A0E-67F136A8A208}\RP88\A0004459.exe infected with Trojan.PWS.Snap - deleted
>C:\System Volume Information\_restore{772A4622-7E89-41B6-8A0E-67F136A8A208}\RP88\A0004468.exe infected with Trojan.DownLoader.9496 - deleted
>C:\System Volume Information\_restore{772A4622-7E89-41B6-8A0E-67F136A8A208}\RP88\A0004469.exe infected with Trojan.PWS.Hedgie - deleted
>C:\System Volume Information\_restore{772A4622-7E89-41B6-8A0E-67F136A8A208}\RP88\A0004470.dll infected with Trojan.PWS.Hedgie - deleted
C:\System Volume Information\_restore{772A4622-7E89-41B6-8A0E-67F136A8A208}\RP88\A0005477.exe infected with Trojan.DownLoader.10114 - incurable - moved
C:\System Volume Information\_restore{772A4622-7E89-41B6-8A0E-67F136A8A208}\RP89\A0009525.exe infected with Trojan.DownLoader.10140 - deleted
>C:\System Volume Information\_restore{772A4622-7E89-41B6-8A0E-67F136A8A208}\RP89\A0009526.exe infected with Trojan.DownLoader.9496 - deleted
>C:\System Volume Information\_restore{772A4622-7E89-41B6-8A0E-67F136A8A208}\RP89\A0009540.exe infected with Trojan.DownLoader.9496 - deleted
>C:\System Volume Information\_restore{772A4622-7E89-41B6-8A0E-67F136A8A208}\RP89\A0009543.exe infected with Trojan.PWS.Hedgie - deleted
C:\System Volume Information\_restore{772A4622-7E89-41B6-8A0E-67F136A8A208}\RP92\A0009964.exe infected with Trojan.DownLoader.9540 - deleted
>C:\System Volume Information\_restore{772A4622-7E89-41B6-8A0E-67F136A8A208}\RP92\A0010004.exe infected with Trojan.DownLoader.10136 - deleted
>C:\System Volume Information\_restore{772A4622-7E89-41B6-8A0E-67F136A8A208}\RP92\A0010005.dll infected with Trojan.PWS.Hedgie - deleted
C:\System Volume Information\_restore{772A4622-7E89-41B6-8A0E-67F136A8A208}\RP92\A0010007.exe infected with Trojan.DownLoader.10140 - deleted
C:\System Volume Information\_restore{772A4622-7E89-41B6-8A0E-67F136A8A208}\RP92\A0010008.exe infected with Trojan.PWS.Snap - deleted
>>>C:\System Volume Information\_restore{772A4622-7E89-41B6-8A0E-67F136A8A208}\RP92\A0010009.exe infected with Trojan.Spambot - deleted
>C:\System Volume Information\_restore{772A4622-7E89-41B6-8A0E-67F136A8A208}\RP93\A0010311.exe infected with Trojan.DownLoader.10136 - deleted
>C:\System Volume Information\_restore{772A4622-7E89-41B6-8A0E-67F136A8A208}\RP93\A0010312.exe infected with Trojan.DownLoader.10136 - deleted
>>>C:\System Volume Information\_restore{772A4622-7E89-41B6-8A0E-67F136A8A208}\RP93\A0010318.exe infected with Trojan.Spambot - deleted
>>>C:\System Volume Information\_restore{772A4622-7E89-41B6-8A0E-67F136A8A208}\RP93\A0010319.exe infected with Trojan.EmailSpy - deleted
>C:\System Volume Information\_restore{772A4622-7E89-41B6-8A0E-67F136A8A208}\RP93\A0010320.exe infected with BackDoor.Bech - deleted
C:\System Volume Information\_restore{772A4622-7E89-41B6-8A0E-67F136A8A208}\RP96\A0010425.sys infected with Trojan.PWS.GoldSpy - deleted
C:\WINDOWS\system32\config\default - read error
C:\WINDOWS\system32\config\default.LOG - read error
C:\WINDOWS\system32\config\SAM - read error
C:\WINDOWS\system32\config\SAM.LOG - read error
C:\WINDOWS\system32\config\SECURITY - read error
C:\WINDOWS\system32\config\SECURITY.LOG - read error
C:\WINDOWS\system32\config\software - read error
C:\WINDOWS\system32\config\software.LOG - read error
C:\WINDOWS\system32\config\system - read error
C:\WINDOWS\system32\config\system.LOG - read error
C:\WINDOWS\Temp\pol9D52.tmp infected with Trojan.EmailSpy - deleted
C:\WINDOWS\Temp\polF637.tmp infected with Trojan.EmailSpy - deleted


Scan statistics

Objects scanned: 102821
Infected objects found: 26
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 24
Objects renamed: 0
Objects moved: 1
Objects ignored: 0
Scan speed: 176 Kb/s
Scan time: 06:30:21


C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\nbke.exe
C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\nbke.exe
C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\nbke.exe
C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\nbke.exe
C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\nbke.exe - moved


Total session statistics

Objects scanned: 103091
Infected objects found: 26
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 24
Objects renamed: 0
Objects moved: 2
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 06:30:43

Fra Ewido:

---------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------

+ Oprettet den:            13:01:12, 11-06-2006
+ Rapport-Checksum:        15374090

+ Scanningsresultat:
    HKLM\SOFTWARE\Classes\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB8C34} -> Trojan.Small : Renset med backup
    C:\Documents and Settings\Administrator\Cookies\administrator@adtech[1].txt -> TrackingCookie.Adtech : Renset med backup
    C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0005477.exe -> Downloader.Small.cux : Renset med backup


::Rapport slut

Fra Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 23:27:42, on 11-06-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Documents and Settings\Administrator\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.brainstormproduction.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: Shell=explorer.exe                                                                                                    "C:\Programmer\Fælles filer\Microsoft Shared\Web Folders\ibm00005.exe"
F3 - REG:win.ini: run=C:\WINDOWS\inet20026\winlogon.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: (no name) - {D44CCDBD-C9C1-44C7-9A6B-74B250FD070F} - C:\WINDOWS\system32\winnuts.dll (file missing)
O2 - BHO: IExplorerHelper Class - {E89097ED-3400-411D-9647-D368C3311C98} - C:\WINDOWS\System32\IeHelperVY.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\ASUSTeK\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SystemLoader] C:\WINDOWS\sysldr32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [PrevxOne] C:\Programmer\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [Ashampoo AntiSpyWare Guard] C:\Programmer\Ashampoo\Ashampoo AntiSpyWare\AntiSpyWareGuard.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Programmer\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe
O4 - HKCU\..\Run: [shell] "C:\Programmer\Fælles filer\Microsoft Shared\Web Folders\ibm00005.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\System32\vxgame6.exe3072.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmer\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Programmer\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\Belkin\Bluetooth-Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\Belkin\Bluetooth-Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\Belkin\Bluetooth-Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O15 - Trusted Zone: www.1987324.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146821030953
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O20 - Winlogon Notify: 20242402reg - C:\Documents and Settings\All Users\Dokumenter\Settings\20242402.dll (file missing)
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Dokumenter\Settings\artm_new.dll (file missing)
O20 - Winlogon Notify: gdwxp3 - gdwxp3.dll (file missing)
O20 - Winlogon Notify: polymorphreg - C:\WINDOWS\
O20 - Winlogon Notify: prwsks - prwsks.dll (file missing)
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\System32\Bpipbo32.dll (file missing)
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - C:\WINDOWS\System32\akajhbih.dll (file missing)
O21 - SSODL: yPwrbEyrgOTW - {E046225F-4AEC-88F5-C076-EFEEB9B91401} - C:\WINDOWS\System32\kwe.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programmer\Belkin\Bluetooth-Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programmer\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Programmer\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe

- De er kørt i denne rækkefølge. Hvor skidt ser det ud?
Avatar billede ejvindh Ekspert
12. juni 2006 - 09:32 #1
Det har godt nok været en slemt inficeret computer, og bl.a en enkelt keylogger. Så det kunne nok være en god ide, at få skiftet de passwords ud, som du har brugt i nyere tid når den er ren. Og hvis du bruger pc-bank, ville jeg nok også få lavet en ny nøgle, hvis jeg var dig.

Men jeg kigger den igennem, og vender tilbage snart :-)
Avatar billede ejvindh Ekspert
12. juni 2006 - 09:46 #2
-- Hent "SuperAntiSpyware free" herfra:
http://www.spywarefri.dk/downloads1.htm
Installer, og opdater scannereren. Men vent med at scanne.

Fuld vejledning til superantispyware finder du her:
http://www.spywarefri.dk/manualer/superantispyware-manual.htm

-- Hent S!Ri's SmitfraudFix.zip og pak det ud til dit Skrivebord.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Programmet pakker sig ud i en mappe, der hedder SmitfraudFix.

NB: Filen "process.exe" som ligger i dette værktøj bliver af visse antivirus-programmer identificeret som "RiskTool". Det har dog ikke noget på sig!

-- Du har 2 antivirus-programmer installeret (McAfee og AVG). Det er ikke hensigtsmæssigt, da de godt kan modarbejde hinanden. Du bør derfor afinstallere det ene.

-- Kør Hijackthis, vælg "Do a system scan only", sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
F2 - REG:system.ini: Shell=explorer.exe                                                                                                    "C:\Programmer\Fælles filer\Microsoft Shared\Web Folders\ibm00005.exe"
F3 - REG:win.ini: run=C:\WINDOWS\inet20026\winlogon.exe
O2 - BHO: (no name) - {D44CCDBD-C9C1-44C7-9A6B-74B250FD070F} - C:\WINDOWS\system32\winnuts.dll (file missing)
O2 - BHO: IExplorerHelper Class - {E89097ED-3400-411D-9647-D368C3311C98} - C:\WINDOWS\System32\IeHelperVY.dll (file missing)
O4 - HKLM\..\Run: [SystemLoader] C:\WINDOWS\sysldr32.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe
O4 - HKCU\..\Run: [shell] "C:\Programmer\Fælles filer\Microsoft Shared\Web Folders\ibm00005.exe"
O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\System32\vxgame6.exe3072.exe
O15 - Trusted Zone: www.1987324.com
O20 - Winlogon Notify: 20242402reg - C:\Documents and Settings\All Users\Dokumenter\Settings\20242402.dll (file missing)
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Dokumenter\Settings\artm_new.dll (file missing)
O20 - Winlogon Notify: gdwxp3 - gdwxp3.dll (file missing)
O20 - Winlogon Notify: polymorphreg - C:\WINDOWS\
O20 - Winlogon Notify: prwsks - prwsks.dll (file missing)
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\System32\Bpipbo32.dll (file missing)
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - C:\WINDOWS\System32\akajhbih.dll (file missing)
O21 - SSODL: yPwrbEyrgOTW - {E046225F-4AEC-88F5-C076-EFEEB9B91401} - C:\WINDOWS\System32\kwe.dll (file missing)

-- Genstart i fejlsikret, hvis du ikke ved hvordan så kig her:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Du skal nu til at slette. Som indledning hertil skal du have slået "Udvidet filvisning" til:
Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

-- Slet herefter følgende (hvis du kan finde dem):
Mapper:
C:\WINDOWS\inet20026\
C:\Documents and Settings\All Users\Dokumenter\Settings\

Filer:
c:\secure32.html
C:\Programmer\Fælles filer\Microsoft Shared\Web Folders\ibm00005.exe
C:\WINDOWS\system32\winnuts.dll
C:\WINDOWS\System32\IeHelperVY.dll
C:\WINDOWS\sysldr32.exe
C:\WINDOWS\System32\taskdir.exe
C:\WINDOWS\System32\vxgame6.exe3072.exe
C:\WINDOWS\System32\Bpipbo32.dll
C:\WINDOWS\System32\akajhbih.dll
C:\WINDOWS\System32\kwe.dll

-- Start SuperAntispyware, klik "Scan your computer", sæt flueben i dine drev, ovre til venstre i vinduet. Ovre til højre i vinduet, sætter du prik i "Perform Complete Scan". Klik "næste", nu scanner den. Når den er færdig, så markerer du det den finder, og lader scannereren fjerne det.

-- Åbn mappen SmitfraudFix som du fik på Skrivebordet, og dobbeltklik på SmitfraudFix.cmd og tast 2 - svar ja til at rense (y=yes). Lad programmet gennemføre en rensning. Det vil også checke om systemfilen wininet.dll er inficeret. Hvis den er det, vil du blive bedt om tilladelse til at erstatte den med en anden. Her skal du vælge "Yes", ved at taste "y".

Programmet bliver muligvis nødt til at genstarte undervejs. Herefter vil der dukke en liste med resultaterne af rensningen op . Kopiér denne liste ind i tråden.

-- Genstart til normal tilstand. Åbn SuperAntispyware-scannereren igen, og klik "preferences"-> "stastics/logs". Marker loggen, og klik "View log". Kopier loggen her ind i tråden, sammen med en ny HijackThis log og loggen fra Smitfraudfix.
Avatar billede off-line Nybegynder
12. juni 2006 - 16:13 #3
Denne her er bedre end Dr.web. Den er fuld funktionsdygtig i 30 prøvedage.
Men logfiler fjernes ikke af noget antispyware program. Dem skal man fjerne nanuelt.
Det plejer nu heller ikke at være noget problem. Normalt ligger de enten på C:\
eller inde i programmet.
https://www.steganos.com/?layout=default&content=products&language=en
Avatar billede ejvindh Ekspert
12. juni 2006 - 18:44 #4
Gotfred: Hvad mener du med, at den er "bedre"? Og hvad mener du med, at antispywareprogrammer ikke fjerner "logfiler"? Hvilke logfiler er det, som du taler om, og i hvilken forstand er de et sikkerhedsproblem?

Steganos er en klon af Spysweeper, derfor vil det være overraskende, hvis den kan noget, som Spysweeper ikke kan.
Avatar billede off-line Nybegynder
12. juni 2006 - 19:12 #5
Logfiler, jeg forstod på overskriften, at spørgeren også ville have fjernet logfiler. Men det
var måske ikke det han mente? Nej logfiler er selvfølgelig ikke noget sikkerheds problem.
Jeg mener, at Steganos Antispyware er bedre end Dr.web. Hos mig kunne Dr.web ikke finde
spywaren "any@web" det kunne Steganos, og ja jeg ved godt, at det er den samme som Spysweeper,
og derfor ligeså god. Men Spysweeper - så vidt jeg ved - viser kun hvad den finder af snavs,
den fjerner det ikke - som trial - Det gør Steganos, og i hele 30 dage.
Avatar billede ejvindh Ekspert
12. juni 2006 - 19:20 #6
Spysweeper kan nu faktisk også fåes i en trial-version, som kan fjerne skidtet -- dog kun i 14 dage. Så her kan du have en pointe.

Angående Dr.Web vs. Steganos, mener jeg til gengæld ikke helt, at du kan opstille det på den måde. De 2 programmer retter sig jo imod nogle forskellige problemer, og derfor er det ikke overraskende at det ene program nogle gange kan finde noget, det andet ikke finder. Det modsatte vil du også kunne finde eksempler på.

Og angående logfiler, så vil jeg mene at opretter ikke ønsker de pågældende logfiler fjernet, men blot gennemlæst og analyseret -- idet de jo kan fortælle, om der er skidt på computeren :-)
Avatar billede off-line Nybegynder
12. juni 2006 - 19:35 #7
Angående logfil. Ja du har sikkert ret. Indrømmer jeg kun har skimmet den (altfor?) lange liste.
Nu har jeg god erfaring med Steganos og ikke med Dr.web. At du har mere positiv erfaring med
Dr.web, er jo kun glædelig. Men den har spørgeren jo brugt, og har åbenbart brug for endnu et
program, og så kan han jo lade Steganos få en chance. *S*
Avatar billede brainstorm Nybegynder
12. juni 2006 - 22:00 #8
Hej, er lige kommet til computeren og spændende læsning. Jeg vil straks gå igang med ejvindh's udredning og det er muligt at jeg får brug for et godt råd undervejs. På forhånd tak. Vender tilbage med en melding når jeg har været det hele igennem.
Avatar billede brainstorm Nybegynder
12. juni 2006 - 22:07 #9
Computeren er i øvrigt sprit ny og jeg havde været så smart at installere en del spil på den - inden jeg overvejede at opdatere til servicepak 2 og installere antivirus og -spyware programmer på den. Halvanden uge inde i forløbet gik det galt og jeg gik nærmest amok med at installere anti programmer, så ja meget klogt at afinstallere den ene eller flere af dem. Og fraråde at "glemme" at installere par af dem. Men det er der nok ingen her inde der "glemmer".
Avatar billede ejvindh Ekspert
12. juni 2006 - 22:45 #10
Ork jo -- herinde er der også mange, der glemmer de sikkerhedsmæssige ting :-)
Avatar billede brainstorm Nybegynder
12. juni 2006 - 23:40 #11
Jeg har lige skrevet en kommentar som jeg undre mig over ikke kommer med!
Avatar billede brainstorm Nybegynder
12. juni 2006 - 23:57 #12
Jeg prøver igen. Jeg har været i gang med slette processen og har ikke fundet nogle af filerne, så de er vel slettet!? Men mht. mapperne så fryser mit søge vindue når jeg forsøger at slette den første mappe inet20026, men jeg har slettet indholdet af mappen via en anden vej. Hvad betyder det? Ved den anden mappe advarer XP mig om at slette indholdet ved navn desktop.ini, skal jeg slette den alligevel?
Jeg har snart log filerne klar..
Avatar billede brainstorm Nybegynder
13. juni 2006 - 00:18 #13
Her er de tre log filer:

SUPERAntiSpyware Scan Log
Generated 06/12/2006 at 11:28 PM

Core Rules Database Version : 2975
Trace Rules Database Version: 1071

Memory threats detected  : 0
Registry threats detected : 24
File threats detected    : 13

Trojan.DCOM Server
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{2C1CD3D7-86AC-4068-93BC-A02304BB8C34}

Adware.Tracking Cookie
    C:\Documents and Settings\Administrator\Cookies\administrator@adtech[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@tradedoubler[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@e2.emediate[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@1071183736[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@cgi-bin[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@ad1.emediate[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@track.adform[1].txt

Trojan.IExplorerHelperVS
    HKCR\IExplorerHelperVS.BrowserHook
    HKCR\IExplorerHelperVS.BrowserHook\CLSID
    HKCR\IExplorerHelperVS.BrowserHook\CurVer
    HKCR\IExplorerHelperVS.BrowserHook.1
    HKCR\IExplorerHelperVS.BrowserHook.1\CLSID
    HKCR\IExplorerHelperVS.IExplorerHelper
    HKCR\IExplorerHelperVS.IExplorerHelper\CLSID
    HKCR\IExplorerHelperVS.IExplorerHelper\CurVer
    HKCR\IExplorerHelperVS.IExplorerHelper.1
    HKCR\IExplorerHelperVS.IExplorerHelper.1\CLSID
    HKCR\CLSID\{60F4F2F3-0AFB-4AEF-B21E-B03D1C95B49E}
    HKCR\CLSID\{60F4F2F3-0AFB-4AEF-B21E-B03D1C95B49E}\InprocServer32
    HKCR\CLSID\{60F4F2F3-0AFB-4AEF-B21E-B03D1C95B49E}\InprocServer32#ThreadingModel
    HKCR\CLSID\{60F4F2F3-0AFB-4AEF-B21E-B03D1C95B49E}\ProgID
    HKCR\CLSID\{60F4F2F3-0AFB-4AEF-B21E-B03D1C95B49E}\Programmable
    HKCR\CLSID\{60F4F2F3-0AFB-4AEF-B21E-B03D1C95B49E}\TypeLib
    HKCR\CLSID\{60F4F2F3-0AFB-4AEF-B21E-B03D1C95B49E}\VersionIndependentProgID
    HKCR\TypeLib\{2215C65C-89E2-4363-820A-8C46FD4A9C97}
    HKCR\TypeLib\{2215C65C-89E2-4363-820A-8C46FD4A9C97}\1.0
    HKCR\TypeLib\{2215C65C-89E2-4363-820A-8C46FD4A9C97}\1.0\0
    HKCR\TypeLib\{2215C65C-89E2-4363-820A-8C46FD4A9C97}\1.0\0\win32
    HKCR\TypeLib\{2215C65C-89E2-4363-820A-8C46FD4A9C97}\1.0\FLAGS
    HKCR\TypeLib\{2215C65C-89E2-4363-820A-8C46FD4A9C97}\1.0\HELPDIR

Trojan.VXGame/32
    C:\WINDOWS\system32\dlh9jkdq1.exe
    C:\WINDOWS\system32\dlh9jkdq8.exe

Trojan.Unknown Origin
    C:\WINDOWS\system32\vx.tll

SmitFraudFix v2.59

Scan done at  0:02:44,62, ti 13-06-2006
Run from C:\Documents and Settings\Administrator\Skrivebord\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\exit Deleted
C:\uniq Deleted
C:\Documents and Settings\Administrator\Application Data\Install.dat Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of HijackThis v1.99.1
Scan saved at 00:06:49, on 13-06-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.brainstormproduction.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\ASUSTeK\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PrevxOne] C:\Programmer\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [Ashampoo AntiSpyWare Guard] C:\Programmer\Ashampoo\Ashampoo AntiSpyWare\AntiSpyWareGuard.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Programmer\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmer\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Programmer\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\Belkin\Bluetooth-Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\Belkin\Bluetooth-Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\Belkin\Bluetooth-Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146821030953
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programmer\Belkin\Bluetooth-Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Programmer\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe

Det var det! I øvrigt så tager det Windows næste 2 min. at indlæse, kan det have noget med virus der stadig er på pc'en at gøre?

Ser frem til at høre mere. Godnat og tak for nu.
Avatar billede brainstorm Nybegynder
13. juni 2006 - 00:26 #14
Lige en sidste ting. Det lykkedes mig lige at slette inet20026 mappen.
Avatar billede ejvindh Ekspert
13. juni 2006 - 07:37 #15
-- Du kan rolig lade den slette den desktop.ini-fil

-- Hent Avenger her:
http://swandog46.geekstogo.com/avenger.zip

-- Pak Avenger-programmet ud og dobbeltklik på avenger.exe

-- Sæt en prik i "Input Script Manually" og klik på Luppen - nu dukker der et lille vindue op, hvor du skal kopiere indholdet mellem de stiplede linier ind:

-----------------------------
Folders to Delete:
C:\WINDOWS\inet20026\
-----------------------------

-- Klik på Trafiklyset i Avenger. Programmet vil opfordre dig til at genstarte computeren straks, hvilket du skal gøre. Programmet vil lukke din computer, slette filerne og starte computeren igen.

-- Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar.

-- Kør Hijackthis og lav en ny log, som du lægger herind. Det er vigtigt at du denne gang laver loggen fra normal tilstand (og altså ikke fra fejlsikret).

-- Hent Silentrunners her:
http://www.silentrunners.org/Silent%20Runners.vbs

Kør programmet, klik på Ja. Klik på OK. Vent så indtil der kommer en besked om at logfilen er færdig. Find log-filen, og læg den herind (den lægger sig i samme mappe som silentrunner programmet ligger i).

-- Endelig må du også gerne sige, om det har hjulpet noget på opstarts-hastigheden nu?
Avatar billede brainstorm Nybegynder
13. juni 2006 - 21:21 #16
Hej igen. Her Avenger log filen:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\gslxjoca

*******************

Script file located at: \??\C:\WINDOWS\hjwnjpwx.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Folder C:\WINDOWS\inet20026 not found!
Deletion of folder C:\WINDOWS\inet20026 failed!

Could not process line:
C:\WINDOWS\inet20026
Status: 0xc0000034


Completed script processing.

*******************

Finished!  Terminate.

..Og Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 21:15:50, on 13-06-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmer\Belkin\Bluetooth-Software\bin\btwdins.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Prevx1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmer\Prevx1\PXConsole.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Steam\Steam.exe
C:\Programmer\Messenger\MSMSGS.EXE
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmer\Belkin\Bluetooth-Software\BTTray.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Programmer\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\OpenOffice.org 2.0\program\soffice.exe
C:\Programmer\OpenOffice.org 2.0\program\soffice.BIN
C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.brainstormproduction.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\ASUSTeK\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PrevxOne] C:\Programmer\Prevx1\PXConsole.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Programmer\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmer\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Programmer\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\Belkin\Bluetooth-Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\Belkin\Bluetooth-Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\Belkin\Bluetooth-Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146821030953
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programmer\Belkin\Bluetooth-Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Programmer\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe

...Og silentrunners:

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"Steam" = ""C:\Programmer\Steam\Steam.exe" -silent" ["Valve Corporation"]
"MSMSGS" = ""C:\Programmer\Messenger\MSMSGS.EXE" /background" [MS]
"SUPERAntiSpyware" = "C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" ["SUPERAntiSpyware.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"RemoteControl" = "C:\Programmer\ASUSTeK\ASUSDVD\PDVDServ.exe" ["Cyberlink Corp."]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"PrevxOne" = "C:\Programmer\Prevx1\PXConsole.exe" ["Prevx"]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
                                        \StubPath  = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
                  \InProcServer32\(Default) = "C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                  \InProcServer32\(Default) = "C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{55EA1964-F5E4-4D6A-B9B2-125B37655FCB}\(Default) = "Malicious Scripts Scanner"
  -> {HKLM...CLSID} = "URLDetector Class"
                  \InProcServer32\(Default) = "C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll" ["Prevx Ltd."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Kontrolpanel-udvidelse til skærmpanorering"
  -> {HKLM...CLSID} = "Kontrolpanel-udvidelse til skærmpanorering"
                  \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-ikon"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" [file not found]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = ""C:\Programmer\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = ""C:\Programmer\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = ""C:\Programmer\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = ""C:\Programmer\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
  -> {HKLM...CLSID} = "Bluetooth-steder"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\btneighborhood.dll" ["Broadcom Corporation"]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
                  \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
                  \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
                  \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
                  \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Filtypenavn for Outlook-filikon"
                  \InProcServer32\(Default) = "C:\Programmer\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "C:\Programmer\Microsoft Office\Office10\msohev.dll" [MS]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
                  \InProcServer32\(Default) = "C:\Programmer\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
  -> {HKLM...CLSID} = "AVG7 Find Extension Class"
                  \InProcServer32\(Default) = "C:\Programmer\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{596AB062-B4D2-4215-9F74-E9109B0A8153}" = "Previous Versions Property Page"
  -> {HKLM...CLSID} = "Previous Versions Property Page"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\twext.dll" [file not found]
"{9DB7A13C-F208-4981-8353-73CC61AE2783}" = "Previous Versions"
  -> {HKLM...CLSID} = "Previous Versions"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\twext.dll" [file not found]
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}" = "Extensions Manager Folder"
  -> {HKLM...CLSID} = "Extensions Manager Folder"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\extmgr.dll" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
                  \InProcServer32\(Default) = "C:\Programmer\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]
INFECTION WARNING! "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
  -> {HKLM...CLSID} = "SABShellExecuteHook Class"
                  \InProcServer32\(Default) = "C:\Programmer\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! SASWinLogon\DLLName = "C:\Programmer\SUPERAntiSpyware\SASWINLO.dll" ["SUPERAntiSpyware.com"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = ""C:\Programmer\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
                  \InProcServer32\(Default) = "C:\Programmer\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
  -> {HKLM...CLSID} = "Ctest Object"
                  \InProcServer32\(Default) = "C:\Programmer\ewido\security suite\context.dll" ["ewido networks"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
                  \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
  -> {HKLM...CLSID} = "Ctest Object"
                  \InProcServer32\(Default) = "C:\Programmer\ewido\security suite\context.dll" ["ewido networks"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
                  \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
                  \InProcServer32\(Default) = "C:\Programmer\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
                  \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "Administrator" & "All Users" startup folders:
---------------------------------------------------------------

C:\Documents and Settings\Administrator\Menuen Start\Programmer\Start
"OpenOffice.org 2.0" -> shortcut to: "C:\Programmer\OpenOffice.org 2.0\program\quickstart.exe" [null data]
"Xfire" -> shortcut to: "C:\Programmer\Xfire\Xfire.exe" ["Xfire Inc."]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start
"Adobe Gamma Loader" -> shortcut to: "C:\Programmer\Fælles filer\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"BTTray" -> shortcut to: "C:\Programmer\Belkin\Bluetooth-Software\BTTray.exe" ["Broadcom Corporation"]
"hp psc 1000 series" -> shortcut to: "C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe" ["Hewlett-Packard Co."]
"hpoddt01.exe" -> shortcut to: "C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" ["Hewlett-Packard"]
"InterVideo WinCinema Manager" -> shortcut to: "C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe" ["InterVideo Inc."]
"Microsoft Office" -> shortcut to: "C:\Programmer\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"Picture Package Menu" -> shortcut to: "C:\Programmer\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe" ["Sony Corporation"]
"Picture Package VCD Maker" -> shortcut to: "C:\Programmer\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe -h" ["Sony Corporation."]
"WinZip Quick Pick" -> shortcut to: "C:\Programmer\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."]


Enabled Scheduled Tasks:
------------------------

"FRU Task #Hewlett-Packard#hp psc 1200 series#1147111425" -> launches: "C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I "#Hewlett-Packard#hp psc 1200 series#1147111425"" [empty string]
"McAfee AntiSpyware" -> launches: "c:\progra~1\mcafee\MCAFEE~1\MASCon.exe /SCHEDULEDSCANNOW" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
xfire_lsp_9028.dll [null data], 01 - 05, 11
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
                  \InProcServer32\(Default) = "C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
                  \InProcServer32\(Default) = "C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{CCA281CA-C863-46EF-9331-5C8D4460577F}\
"ButtonText" = "@btrez.dll,-4015"
"MenuText" = "@btrez.dll,-4017"
"Script" = "C:\Programmer\Belkin\Bluetooth-Software\btsendto_ie.htm" [null data]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programmer\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."]
Bluetooth Service, btwdins, "C:\Programmer\Belkin\Bluetooth-Software\bin\btwdins.exe" ["Broadcom Corporation"]
ewido security suite control, ewido security suite control, "C:\Programmer\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "C:\Programmer\ewido\security suite\ewidoguard.exe" ["ewido networks"]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Prevx Agent, PREVXAgent, ""C:\Programmer\Prevx1\PXAgent.exe" -f" ["Prevx"]
Ulead Burning Helper, UleadBurningHelper, "C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Bluetooth-printerport\Driver = "bthcrp.dll" ["Broadcom Corporation"]
hpzsnt07\Driver = "hpzsnt07.dll" ["HP"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
  use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 79 seconds, including 18 seconds for message boxes)

Jeg prøver at genstarte for at se om det har hjulpet på indlæsningen. Mange tak for hjælpen indtil nu. Jeg kan se tydelige tegn på at den har det bedre! Jeg vender tilbage om lidt..
Avatar billede ejvindh Ekspert
13. juni 2006 - 21:29 #17
I hvert fald ser logsene gode ud. Men vend tilbage, når du har fået testet lidt :-)
Avatar billede brainstorm Nybegynder
13. juni 2006 - 21:31 #18
Tja, jeg ved ikke rigtig, jeg synes at det burde gå hurtigere. Det tager godt og vel 1. min. og 25 sek. fra Windows starter.. skærmen kommer på (Efter den sorte skærm med Windows logoet og loadingbaren har kørt i 30 sek.) til den kommer videre til admininstrator log in. Min lille mininotebook på 700 mhz starter mindst dobbelt så hurtigt og jeg synes denne nye maskine var hurtiger før der kom virus på den!
Avatar billede Computer Hjælp (Gratis) Mester
14. juni 2006 - 06:53 #19
Måske ka' denne rydde lidt op i RegBasen:
RegCleaner -> http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Specielt punktet [Problemer] )
Avatar billede ejvindh Ekspert
14. juni 2006 - 08:55 #20
Prøv så at køre denne stribe af forslag igennem. De kan på forskellig vis være med til at optimere din computers performance:

1. Prøv at downloade og installere Ccleaner herfra:
http://www.ccleaner.com/

Kør en rensnings-procedure med programmet -- både under "Renser" og "Problemer" menuerne i programmet. Lad den fjerne alt hvad den finder. Genstart, og se om det har hjulpet.

2. Prøv at defragmentere din HD: Dobbeltklik på Denne Computer, højreklik på din HD, vælg Egenskaber-Funktioner-Defragmenter nu, og kør en defragmentering. Det kan godt tage lang tid. Genstart, og se om det har hjulpet.

3. Prøv et sfc-scan: Klik på Start=>Kør skriv: SFC /scannow  (husk mellemrum mellem SFC og /scannow)
Din windows skive skal sidde i drevet. Den tjekker og reparer dine systemfiler.

4. Prøv en repair: http://www.hcma.dk/tips1to10.htm#no4
Efter en repair er det vigtigt at gå ind og få opdateret windows-styresystemet (da styresystemet føres tilbage til det niveau som findes på din installations-skive):
http://windowsupdate.microsoft.com/

Genstart, og se om det har hjulpet.


5. Klik på start-kør, skriv devmgmt.msc og klik på OK.

Så åbner enhedshåndteringen. Klik på +-tegnet ud for "IDE ATA/ATAPI-controllere", og højreklik på "Primær IDE-kanal", og vælg Egenskaber. Klik på fanebladet "Avancerede indstillinger". Hvis der står "Kun PIO" ved overførsels-tilstanden, ved nogle af enhederne, kan det være årsagen til en langsom computer. Du kan prøve at ændre dette på 2 måder:

a. Prøv først at lave om på dette ved at skifte til "DMA, hvis den er tilgængelig", klik på OK, og genstart computeren. Hjalp det?

b. Hvis nej, så prøv igen at gå ind i enhedshåndteringen, Klik på +-tegnet ud for "IDE ATA/ATAPI-controllere", og højreklik på "Primær IDE-kanal", og vælg Egenskaber. Klik på fanebladet "Driver", og klik på fjern. Når processen er færdig skal du genstarte computeren, hvorved styresystemet nyinstallerer din HD, og giver den standard-indstillingerne.


6. Endelig er der også nogle forslag på dette link, som du kan afprøve:
http://www.spywareinfo.dk/index.htm#/tip-og-tricks/langsom-op-og-nedlukning-xp.htm
Avatar billede brainstorm Nybegynder
20. juni 2006 - 00:24 #21
Hej igen. Jeg har været væk fra computeren de seneste dage, mange tak for hjælpen, det ser ud til at fungere. Jeg mangler dog de sidste ting i de seneste indlæg og hvis ikke det hjælper, tja så er det vel min egen skyld! Endnu en gang mange tak, jeg går udfra at jeg har fået tildelt dig, ejvindh, de 60 points. God sommer.
Avatar billede ejvindh Ekspert
20. juni 2006 - 11:38 #22
Ja, jeg har modtaget mine point. Også en god sommer til dig :-)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
pop up black friday Af Malm i Virus 10 I går 20:49 I dag 10:46
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus 21 22/06/202419:22 23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus 23 07/05/202421:02 13/05/202419:48
trusler Af gerhardpet i Virus 4 26/01/202410:02 27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus 16 09/01/202416:37 10/01/202419:59
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I dag 15:56 Navigation i Peugeot 3-2008 fra 2017 Af arnepedersen i Andet software
I dag 14:10 Outlook henter ikke mails Af TTA i Office & Kontorpakker
I dag 13:58 vise billeder i kartotek med store ikoner inklusive optagelsesdato Af Malm i Billedbehandling
I dag 13:35 Adobe Elements 2019, Organizer Crasher Af mort1 i Billedbehandling
I går 20:49 pop up black friday Af Malm i Virus
White papers
Flere white papers »


Premium
Teaser billede
Vil købe tele-løsninger til det offentlige for 370 millioner kroner
Læs mere »
Efterspørgslen på AI-regnekraft er enorm - og det smitter af på priserne: "Vi kan sælge næsten alt, hvad vi får ind"
Nyt værtøj fra Microsoft: Snart kan du reparere nedbrudte Windows-enheder på distancen
Politiet skriver kontrakt på 75 millioner kroner med dansk it-firma: Medarbejdere skal flytte ind hos politiet
Se alle »
Computerworld
Teaser billede
Microsofts nye pc er ekstrem billig – men kan blive ekstrem sikker og fleksibel
Læs mere »
Test: Prøv kun disse B&O-hovedtelefoner, hvis du har råd
Kæmpe datalæk på hospital: 750.000 patienters fortrolige data lækket
Telegigant klar med AI-baseret mormor: Holder telefon-svindlere fast i røret med sniksnak og dumme spørgsmål
Se alle »
CIO
Teaser billede
Konsulenthus vil rulle Microsoft 365 Copilot ud til 200.000 ansatte
Læs mere »
Kæmpe-opgave for Danske Bank har banet vej for fuldautomatiseret migrering til cloud: Nu udbredes metoden i hele AWS
Microsofts store årlige event: De tre vigtigste nøglebudskaber fra Satya Nadella om Microsofts fremtid
Tre vigtige erkendelser, som Computerworld tog med hjem fra Gartners store topmøde i Barcelona
Se alle »
Job & Karriere
Teaser billede
Microsoft klar med ny direktion for den danske forretning: Her er de nye direktører
Læs mere »
Efter skelsættende møde med sportscoach: Stor dansk it-arbejdsplads indfører fredags-fri og isbade i arbejdstiden
Linus Torvalds giver russiske Linux-udviklere sparket: Vil ikke have noget med dem at gøre
Topchef Sara Green mener, at der er brug for et radikalt nyt syn på it-ledelse - særligt én ny trend hader hun som pesten
Se alle »
White paper
Teaser billede
MDR: Transparent sikkerhed og overvågning i realtid
Læs mere »
Vær proaktiv og prioritér IT-sikkerheden – før det er for sent
Sikkerhed uden grænser: Cisco Hypershield
Styrk compliance, sikkerhed og overblik med ét hug
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »