Virus - slow PC plus Task Manager disabled
I have gotten a virus on my machine. taskmgr is disabled .. I ran Crap Cleaner as well as ComboFix;
ComboFix fixed the taskmgr problem and the machine runs reasonably well now, but I would like to make sure everything is as it should be.. hence this thread
Hijack:
Logfile of HijackThis v1.99.1
Scan saved at 18:12:31, on 13-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Fælles filer\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmer\Fælles filer\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Athan\Athan.exe
C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmer\Logitech\QuickCam\Quickcam.exe
C:\Programmer\antiviirus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\tmp84156.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\DAEMON Tools Lite\daemon.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\Fælles filer\Logishrd\LQCVFX\COCIManager.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Irshad Thaha\Skrivebord\alternativ.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Athan] C:\Programmer\Athan\Athan.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmer\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [antiviirus] C:\Programmer\antiviirus.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmer\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmer\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmer\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FLLESF~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: BootPrx - {ff26314f-1d06-49a4-b907-005d69d572f6} - C:\WINDOWS\Installer\{ff26314f-1d06-49a4-b907-005d69d572f6}\BootPrx.dll
O21 - SSODL: zip - {a2f2367b-b90e-4638-9cba-7e8fb87f87ec} - C:\WINDOWS\Installer\{a2f2367b-b90e-4638-9cba-7e8fb87f87ec}\zip.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\SrvLnch\SrvLnch.exe
ComboFix:
ComboFix 08-03-10.1 - Irshad Thaha 2008-03-13 18:01:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.1044 [GMT 1:00]
Running from: C:\Documents and Settings\Irshad Thaha\Lokale indstillinger\Temporary Internet Files\Content.IE5\VWJZX2E5\ComboFix[1].exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-02-13 to 2008-03-13 )))))))))))))))))))))))))))))))
.
2008-03-13 17:07 . 2008-03-13 17:06 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-13 17:06 . 2008-03-13 17:08 <DIR> d-------- C:\Documents and Settings\Irshad Thaha\.housecall6.6
2008-03-13 15:18 . 2008-03-13 15:18 16,584 -r-hs---- C:\Programmer\tmp84156.exe
2008-03-13 15:18 . 2008-03-13 15:18 16,584 -r-hs---- C:\Programmer\tmp78687.exe
2008-03-13 10:48 . 2008-03-13 10:48 16,584 -r-hs---- C:\Programmer\tmp83406.exe
2008-03-13 10:48 . 2008-03-13 10:48 16,584 -r-hs---- C:\Programmer\tmp78031.exe
2008-03-13 02:16 . 2008-03-13 02:16 16,584 -r-hs---- C:\Programmer\tmp43290625.exe
2008-03-12 14:16 . 2008-03-12 14:16 16,584 -r-hs---- C:\Programmer\tmp85265.exe
2008-03-12 14:16 . 2008-03-12 14:16 16,584 -r-hs---- C:\Programmer\tmp79765.exe
2008-03-12 10:59 . 2008-03-12 10:59 16,584 -r-hs---- C:\Programmer\tmp194687.exe
2008-03-12 10:59 . 2008-03-12 10:59 16,584 -r-hs---- C:\Programmer\tmp188625.exe
2008-03-12 10:49 . 2008-03-12 10:49 16,584 -r-hs---- C:\Programmer\tmp82578.exe
2008-03-12 10:49 . 2008-03-12 10:49 16,584 -r-hs---- C:\Programmer\tmp76562.exe
2008-03-12 02:25 . 2008-03-12 02:25 16,584 -r-hs---- C:\Programmer\tmp15748656.exe
2008-03-12 02:25 . 2008-03-12 02:25 16,584 -r-hs---- C:\Programmer\tmp15743031.exe
2008-03-12 02:24 . 2008-03-12 02:25 21,708 --a------ C:\Programmer\antiviirus.exe
2008-03-09 17:02 . 2008-03-09 17:03 <DIR> d-------- C:\Programmer\Windows Live Safety Center
2008-03-07 20:34 . 2008-03-07 20:34 <DIR> d-------- C:\Programmer\Fælles filer\DirectX
2008-03-07 20:02 . 2008-03-07 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-07 19:50 . 2008-03-07 20:24 <DIR> d-------- C:\Programmer\EA GAMES
2008-03-07 17:45 . 2008-03-07 17:45 <DIR> d-------- C:\Programmer\Bonjour
2008-03-07 17:35 . 2008-03-07 17:35 <DIR> d-------- C:\Programmer\Fælles filer\Macrovision Shared
2008-03-07 16:18 . 2008-03-07 16:18 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-03-05 11:43 . 2008-03-05 11:44 <DIR> d-------- C:\Programmer\Fælles filer\LogiShrd
2008-03-05 11:43 . 2008-03-05 11:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-03-05 11:43 . 2008-03-06 13:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-03-04 23:30 . 2005-07-19 17:31 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2008-03-04 23:29 . 2008-03-04 23:29 <DIR> d-------- C:\Programmer\Fælles filer\Logitech
2008-03-04 23:28 . 2008-03-07 16:18 <DIR> d-------- C:\Programmer\Logitech
2008-03-03 23:35 . 2008-03-03 23:35 <DIR> d-------- C:\Programmer\Electronic Arts
2008-03-03 23:29 . 2008-03-03 23:29 <DIR> d-------- C:\Programmer\DAEMON Tools Lite
2008-03-03 23:25 . 2008-03-03 23:25 <DIR> d-------- C:\Documents and Settings\Irshad Thaha\Application Data\DAEMON Tools
2008-03-03 23:25 . 2008-03-03 23:25 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-03 21:51 . 2008-03-03 21:51 <DIR> d-------- C:\WINDOWS\system32\athan
2008-03-03 21:51 . 2008-03-03 21:52 <DIR> d-------- C:\Programmer\Athan
2008-03-03 21:35 . 2008-03-03 21:35 7,293,668 --a------ C:\Programmer\AthanBasic3.exe
2008-03-03 14:08 . 2008-03-03 14:08 <DIR> d-------- C:\Programmer\Microsoft CAPICOM 2.1.0.2
2008-03-02 22:40 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-03-02 22:40 . 2006-10-26 19:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll
2008-03-02 22:34 . 2008-03-02 22:34 <DIR> d-------- C:\Programmer\Microsoft Works
2008-03-02 22:32 . 2008-03-02 22:32 <DIR> d-------- C:\Programmer\Microsoft.NET
2008-03-02 22:28 . 2008-03-02 22:28 <DIR> d-------- C:\Programmer\Microsoft Visual Studio 8
2008-03-02 22:28 . 2008-03-02 22:28 <DIR> d-------- C:\IDE
2008-03-02 22:26 . 2008-03-02 22:27 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-02 22:24 . 2008-03-12 13:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-02 22:23 . 2008-03-02 22:23 <DIR> dr-h----- C:\MSOCache
2008-03-02 22:21 . 2008-03-02 22:23 <DIR> d-------- C:\Programmer\Word
2008-03-02 18:54 . 2008-03-02 18:54 <DIR> d-------- C:\Programmer\uTorrent
2008-03-02 18:54 . 2008-03-09 04:11 <DIR> d-------- C:\Documents and Settings\Irshad Thaha\Application Data\uTorrent
2008-03-02 18:48 . 2008-03-02 18:48 <DIR> d-------- C:\Programmer\VideoLAN
2008-03-02 18:39 . 2008-03-02 18:39 268 --ah----- C:\sqmdata13.sqm
2008-03-02 18:39 . 2008-03-02 18:39 244 --ah----- C:\sqmnoopt13.sqm
2008-03-02 18:10 . 2008-03-02 18:10 268 --ah----- C:\sqmdata12.sqm
2008-03-02 18:10 . 2008-03-02 18:10 244 --ah----- C:\sqmnoopt12.sqm
2008-03-02 17:49 . 2008-03-02 17:49 268 --ah----- C:\sqmdata11.sqm
2008-03-02 17:49 . 2008-03-02 17:49 244 --ah----- C:\sqmnoopt11.sqm
2008-03-02 17:44 . 2008-03-02 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\e-Safekey
2008-02-27 14:46 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-02-26 16:18 . 2008-02-26 16:18 <DIR> d-------- C:\Documents and Settings\Irshad Thaha\Application Data\TVU Networks
2008-02-26 16:18 . 2008-02-26 16:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-02-25 11:28 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-25 11:28 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-25 11:28 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-24 20:59 . 2008-02-24 21:00 <DIR> d-------- C:\Programmer\Windows Live Toolbar
2008-02-24 20:59 . 2008-02-24 20:59 <DIR> d-------- C:\Programmer\Windows Live Favorites
2008-02-24 20:58 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-02-24 20:57 . 2008-03-05 11:44 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-02-24 20:57 . 2008-02-24 20:57 <DIR> d-------- C:\Programmer\Microsoft SQL Server Compact Edition
2008-02-24 20:57 . 2008-03-13 17:05 <DIR> d-------- C:\Documents and Settings\Irshad Thaha\Contacts
2008-02-24 20:54 . 2008-02-27 17:06 <DIR> d-------- C:\Programmer\Windows Live
2008-02-24 20:54 . 2008-02-24 20:55 <DIR> d--hsc--- C:\Programmer\Fælles filer\WindowsLiveInstaller
2008-02-24 20:54 . 2008-03-05 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-24 18:09 . 2008-02-24 18:09 <DIR> d-------- C:\WINDOWS\Sun
2008-02-24 18:08 . 2008-02-24 18:08 <DIR> d-------- C:\Programmer\Java
2008-02-24 18:08 . 2008-02-24 18:08 <DIR> d-------- C:\Programmer\Fælles filer\Java
2008-02-24 18:08 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-24 17:53 . 2008-02-24 17:53 <DIR> d-------- C:\Documents and Settings\Irshad Thaha\Application Data\ATI
2008-02-24 17:53 . 2008-02-24 17:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-02-24 17:52 . 2008-02-24 17:52 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-02-24 17:45 . 2008-02-24 17:45 <DIR> d-------- C:\Programmer\Microsoft Silverlight
2008-02-24 17:43 . 2008-02-24 17:45 <DIR> d-------- C:\Programmer\ATI Technologies
2008-02-24 17:43 . 2008-01-22 14:42 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-02-24 17:42 . 2008-03-07 16:18 <DIR> d--h----- C:\Programmer\InstallShield Installation Information
2008-02-24 17:41 . 2008-02-24 17:44 <DIR> d-------- C:\Programmer\Fælles filer\InstallShield
2008-02-24 17:31 . 2008-02-24 17:31 <DIR> d-------- C:\Programmer\MSXML 6.0
2008-02-24 16:54 . 2008-02-24 16:54 <DIR> d-------- C:\Programmer\MSBuild
2008-02-24 16:50 . 2008-02-24 17:37 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-02-24 16:50 . 2008-02-24 16:50 <DIR> d-------- C:\Programmer\Reference Assemblies
2008-02-24 16:49 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-02-24 16:48 . 2008-02-24 16:48 <DIR> d-------- C:\Programmer\Windows Media Connect 2
2008-02-24 16:47 . 2008-02-24 16:47 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-24 16:47 . 2008-02-24 16:47 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-02-24 16:39 . 2008-02-24 16:40 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-02-24 16:36 . 2008-02-24 16:36 <DIR> d-------- C:\Documents and Settings\Irshad Thaha\Application Data\Talkback
2008-02-24 16:36 . 2008-02-24 16:36 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-24 16:05 . 2008-02-24 16:05 <DIR> d-------- C:\Programmer\Windows Defender
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 16:45 --------- d-----w C:\Programmer\Fælles filer\Adobe
2008-03-03 20:51 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-03-02 17:09 --------- d-----w C:\Programmer\SUPERAntiSpyware
2008-02-24 15:09 --------- d-----w C:\Programmer\SpywareGuard
2008-02-24 11:33 --------- d-----w C:\Programmer\SpywareBlaster
2008-02-24 11:31 --------- d-----w C:\Documents and Settings\Irshad Thaha\Application Data\SUPERAntiSpyware.com
2008-02-24 11:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-24 11:30 --------- d-----w C:\Programmer\Fælles filer\Wise Installation Wizard
2008-02-24 11:28 --------- d-----w C:\Programmer\Alwil Software
2008-02-24 11:15 --------- d-----w C:\Programmer\microsoft frontpage
2008-02-24 11:13 --------- d-----w C:\Programmer\Onlinetjenester
2008-02-24 11:12 --------- d-----w C:\Programmer\Fælles filer\Tjenester
2008-02-01 10:17 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-30 15:10 274,432 ----a-w C:\WINDOWS\system32\libcurl.dll
2008-01-22 21:38 2,845,696 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-01-22 20:44 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-01-22 20:43 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-01-22 20:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-01-22 20:36 9,949,184 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-01-22 20:35 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-01-22 20:35 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-01-22 20:35 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-01-22 20:34 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-01-22 20:33 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-01-22 20:25 3,121,920 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-01-22 20:14 1,664,256 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-01-22 20:04 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-01-22 20:01 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-01-22 19:59 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-01-22 19:58 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-01-22 19:58 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-01-22 19:57 163,840 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-01-22 19:53 503,808 ----a-w C:\WINDOWS\system32\ati2cqag.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 13:00 15360]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-01-10 15:14 1310720]
"MsnMsgr"="C:\Programmer\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"DAEMON Tools Lite"="C:\Programmer\DAEMON Tools Lite\daemon.exe" [2008-02-14 00:09 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Windows Defender"="C:\Programmer\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"StartCCC"="C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" [2007-01-23 00:37 185896]
"GrooveMonitor"="C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Athan"="C:\Programmer\Athan\Athan.exe" [2007-09-06 20:25 1003520]
"LogitechCommunicationsManager"="C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Programmer\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"antiviirus"="C:\Programmer\antiviirus.exe" [2008-03-12 02:25 21708]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 13:00 15360]
"DWQueuedReporting"="c:\PROGRA~1\FLLESF~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 19:48 434528]
C:\Documents and Settings\Irshad Thaha\Menuen Start\Programmer\Start\
Screen Clipper and Launcher til OneNote 2007.lnk - C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
SpywareGuard.lnk - C:\Programmer\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Logitech Desktop Messenger.lnk - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-07 16:19:00 67128]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"BootPrx"= {ff26314f-1d06-49a4-b907-005d69d572f6} - C:\WINDOWS\Installer\{ff26314f-1d06-49a4-b907-005d69d572f6}\BootPrx.dll [2008-03-12 02:24 18574]
"zip"= {a2f2367b-b90e-4638-9cba-7e8fb87f87ec} - C:\WINDOWS\Installer\{a2f2367b-b90e-4638-9cba-7e8fb87f87ec}\zip.dll [2008-03-12 02:25 23266]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2006-10-19 09:12 258048 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmer\\Internet Explorer\\iexplore.exe"=
"C:\\Programmer\\uTorrent\\uTorrent.exe"=
"C:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmer\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmer\\EA GAMES\\Need For Speed Underground\\Speed.exe"=
"C:\\Programmer\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 04:38]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-01-02 02:12]
*Newly Created Service* - TMCOMM
.
Contents of the 'Scheduled Tasks' folder
"2008-03-13 14:21:14 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmer\Windows Defender\MpCmdRun.exe
"2008-03-13 16:13:04 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
- C:\Programmer\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-13 18:04:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\Installer\{ff26314f-1d06-49a4-b907-005d69d572f6}\BootPrx.dll
-> C:\WINDOWS\Installer\{a2f2367b-b90e-4638-9cba-7e8fb87f87ec}\zip.dll
.
Completion time: 2008-03-13 18:06:22
.
2008-03-12 12:07:24 --- E O F ---