Meeeget langsom computer og virtuel hukommelse

... Nu er det ikke alle (u)ønskede elementer som viser sig med en HiJackThis Log; hvis du har 'mod' på det så gennemfør proceduren herfra -> http://www.eksperten.dk/artikler/1123
PS: Brug dog denne version af HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Velkommen til Eksperten.dk
Generelt -> http://expfaq.dk/

Hvor er antivirus og firewall?

Nu har jeg prøvet Ccleaner og SuperAntiSpyware.
Hijackthis har jeg prøvet at åbne fra den anbefalede side.
ComboFix har jeg forsøgt at åbne, den skriver at jeg ikke kan "rename" filen og så lukker skidtet?

Ved ikke lige hvad jeg ska gøre?

sidste nye hijackthis log :

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Programmer\Fælles filer\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [HuaWeiEVDO.exe] "C:\Programmer\Huawei technologies\Mobile Connect\Mobile Connect.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204104258531
O16 - DPF: {76805459-88F6-4BB1-8EC1-1A4DDC777CFD} (KMDWebSign.zskwsax) - http://logon.kmd.dk/program/zskwsax.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay109.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{F28F99A0-BF1E-469C-8967-52A680D926EC}: NameServer = 80.251.192.244 80.251.192.245
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

Enig !

(Du mangler toppen af loggen!)

Selve ComboFix programmet gemmer du vel først en en passende mappe/sted og DERFRA kører programmet ? Uden at have andet åbent!

Åben loggen i notepad - tryk ctrl+a - kopier og sæt herind

Logfile of HijackThis v1.99.1
Scan saved at 20:49:31, on 12-06-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Fælles filer\Logitech\QCDriver2\LVCOMS.EXE
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmer\Huawei technologies\Mobile Connect\Mobile Connect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Joan\Lokale indstillinger\Temporary Internet Files\Content.IE5\1VRNAMNY\alternativ[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Programmer\Fælles filer\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [HuaWeiEVDO.exe] "C:\Programmer\Huawei technologies\Mobile Connect\Mobile Connect.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204104258531
O16 - DPF: {76805459-88F6-4BB1-8EC1-1A4DDC777CFD} (KMDWebSign.zskwsax) - http://logon.kmd.dk/program/zskwsax.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay109.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{F28F99A0-BF1E-469C-8967-52A680D926EC}: NameServer = 80.251.192.244 80.251.192.245
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

"...PS: Brug dog denne version af HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe..."

Prøv det der med ComboFix programmet igen !!!

Bemærk at HiJackThis.exe programmet skal gemmes i en dertil oprettet mappe og IKKE køres direkte fra nettet...

Bemærk at HiJackThis.exe programmet skal gemmes i en dertil oprettet mappe og IKKE køres direkte fra nettet...

Sååå den nye hijackthis log og den anden dims...

Forresten.. Disse programmer gør vel at opstarten af min comp. er endnu langsommere end før? Syns det tager utroligt lang tid at starte den..?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42:56, on 12-06-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Fælles filer\Logitech\QCDriver2\LVCOMS.EXE
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmer\Huawei technologies\Mobile Connect\Mobile Connect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\spy\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Programmer\Fælles filer\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [HuaWeiEVDO.exe] "C:\Programmer\Huawei technologies\Mobile Connect\Mobile Connect.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204104258531
O16 - DPF: {76805459-88F6-4BB1-8EC1-1A4DDC777CFD} (KMDWebSign.zskwsax) - http://logon.kmd.dk/program/zskwsax.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay109.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{F28F99A0-BF1E-469C-8967-52A680D926EC}: NameServer = 80.251.192.244 80.251.192.245
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

--
End of file - 5140 bytes


ComboFix 08-06-10.5 - Joan 2008-06-12 21:21:53.1 - NTFSx86
Running from: C:\Programmer\spy\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Lokale indstillinger\Temporary Internet Files\emptemp2.exe
C:\Documents and Settings\Administrator\Lokale indstillinger\Temporary Internet Files\emptemp2.ini
C:\Documents and Settings\Administrator\Lokale indstillinger\Temporary Internet Files\error.log
C:\Programmer\iMeshBar
C:\Programmer\iMeshBar\bar\History\search
C:\WINDOWS\hosts

.
(((((((((((((((((((((((((  Files Created from 2008-05-12 to 2008-06-12  )))))))))))))))))))))))))))))))
.

2008-06-12 19:51 . 2008-06-12 19:51    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-06-12 19:51 . 2008-06-12 19:51    <DIR>    d--------    C:\Documents and Settings\Joan\Application Data\SUPERAntiSpyware.com
2008-06-12 19:51 . 2008-06-12 19:51    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-12 19:47 . 2008-06-12 19:47    <DIR>    d--------    C:\Programmer\CCleaner
2008-06-11 15:34 . 2008-04-14 17:53    272,256    ---------    C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 15:34 . 2008-04-14 17:53    272,256    -----c---    C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-07 18:59 . 2008-06-11 17:30    <DIR>    d--hs----    C:\Documents and Settings\All Users\DRM
2008-06-07 18:19 . 2008-06-07 18:19    <DIR>    d--------    C:\Programmer\Windows Media Connect 2

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 19:19    ---------    d-----w    C:\Programmer\spy
2008-06-12 17:50    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-05-08 12:28    202,752    ----a-w    C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-23 16:54    ---------    d-----w    C:\Programmer\Nokia
2008-04-23 16:45    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-23 16:42    ---------    d-----w    C:\Programmer\Creative
2008-04-13 17:59    ---------    d-----w    C:\Programmer\Windows Live Safety Center
2007-09-02 14:16    14,774,576    ----a-w    C:\Programmer\IE7-WindowsXP-x86-dan.exe
2005-06-09 05:02    2,083,568    ----a-w    C:\Programmer\WindowsXP-KB894391-x86-DAN.exe
2005-05-16 10:50    2,314,920    ----a-w    C:\Programmer\LimeWireWin.exe
2005-05-02 16:50    2,827,414    ----a-w    C:\Programmer\edonkey.exe
2005-05-02 16:48    175,203    ----a-w    C:\Programmer\kdap250.exe
2005-04-24 15:03    5,059,074    ----a-w    C:\Programmer\iMeshV5.exe
2005-03-07 21:38    2,636,408    ----a-w    C:\Programmer\aawsepersonal.exe
2005-01-17 17:29    6,093,917    ----a-w    C:\Programmer\msjavx86.exe
2005-01-11 16:30    17,182,072    ----a-w    C:\Programmer\AdbeRdr60_dan_full.exe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebCamRT.exe"="" []
"HuaWeiEVDO.exe"="C:\Programmer\Huawei technologies\Mobile Connect\Mobile Connect.exe" [2007-05-28 19:05 921600]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 14:00 15360]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMS"="C:\Programmer\Fælles filer\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-20 15:16 90112]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 14:00 15360]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= L3codecp.acm
"VIDC.YV12"= yv12vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Spyware Cleaner"="C:\Programmer\Spyware Cleaner\SpywareCleaner.Exe" /boot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Messenger\\msmsgs.exe"=
"C:\\Programmer\\Real\\RealPlayer\\realplay.exe"=
"C:\\StubInstaller.exe"=
"C:\\Programmer\\Windows Media Player\\wmplayer.exe"=
"C:\\Programmer\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmer\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 MTC0001_EB;EB device driver;C:\WINDOWS\system32\ntEB.sys [2001-11-28 10:11]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f41bbc2-563b-11dc-b361-000c7648aa47}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8953988-b719-11dc-b42d-000c7648aa47}]
\Shell\AutoRun\command - E:\AutoRun.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-12 11:00:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-12 21:25:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-12 21:30:10
ComboFix-quarantined-files.txt  2008-06-12 19:30:05

Pre-Run: 16,150,740,992 byte ledig
Post-Run: 16,153,108,480 byte ledig

110    --- E O F ---    2008-06-12 17:16:10

Er stadig nysgerrig efter at vide hvor Antivirusprogrammet gemmer sig?

Disse programmer gør vel at opstarten af min comp. er endnu langsommere end før? Syns det tager utroligt lang tid at starte den..? "

De her programmer kører ikke ved opstart af pc.

Har du defragmenteret?
Ram nok?
Nok plads på harddisken?

Kan være jeg misser noget men de 2 logs ser ok ud ...

Ok, havde bare en mistanke om den SuperAntiSpyware, da den lille bille konstant er i hjørnet og et ikon åbner på skærmen som noget af det første når computeren åbner :-/

Antivirus - har Adaware eller hva det hedder - er det et antivirus-program?
Ellers har jeg bare windows' normale firewall..

Har defragmenteret lige for nogle dage siden, hjalp desværre intet.. Mht. plads, så aner jeg intet om det..

Generelt - SLET følgende:

C:\Programmer\LimeWireWin.exe
C:\Programmer\edonkey.exe

--------

Fik ikke lige fat i - hvad er historien mht SuperAntiSpyware ?

--------

Din log er umiddelbart ren...

Registreringsdatabase oprydning ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Specielt punktet [Register]...)
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller NEJ til den.

Tjek under enhedshåndtering om din IDE ATA/ATAPI Controller kører i PIO mode. Det er skidt hvis det er tilfældet.

Ad-Aware er ikke et antivirus program, men er det her er--------------------
http://free.grisoft.com/

Hvis du ikke vil have SUPERAntiSpyware popper op når du tænder for din PC kan du gå i Start/Kør/Msconfig/Fanebladet/start og fjerne fluebenet ud for programmet

Det er dog en dårlig idfe for så er man ikke beskyttet.
Superantispyware popper op ja, men forsvinder igen. Ved den metode snif12 nævner så forhindrer man programmet i at starte....

Installer de gratis AVG fra http://free.grisoft.com så er du ok beskyttet!
Lige nu er du pivåben for antivirus, og ufatteligt du ikke har fået virus!!!

slet de nævnte ting og kom med nye logs

@ John Stigers, jeg opfatter det også som det er det han vil

PS. Har SUPERAntiSpyware på vores PCér og scanner hver fredag

Jeg er faktisk en hun, ikke en han :-D

Har installeret det der AVG Free, det har fundet en masse skrammel som skulle slettes, ja eller hva den gør! Og Gik bare ind i SuperAntispyware under indstillinger og fjernede fluebenet under 'opstart ved start af computeren'

Undrer mig lidt over en ting - min computer er stadig utrolig langsom, men efter at have installeret disse ting, så er min computer blevet vildt langsom i opstart!

Når jeg starter computeren og den skriver "indlæser personlige indstillinger", så står den der i næste 5-6 minutter før den kommer videre! Derefter går der jo næsten 5 min. mere før man kan trykke på nogle ikoner på skrivebordet.
Er det tilfældigt at computeren går død/bliver SÅ langsom under opstart?

Hvad kan jeg gøre?

Prøv at dobbeltklikke på Denne Computer/vælg egenskaber på C drevet, hvad er der af ledig plads
Mht. Din første bemærkning-------------ods er 50/50

Stik mig lige en frisk HiJackThis Log ...

Samt også en Frisk ComboFix Log...

EFTER en omgang med nævnte CCleaner !!

ComboFix 08-06-10.5 - Joan 2008-06-17 11:55:20.2 - NTFSx86
Running from: C:\Programmer\spy\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((  Files Created from 2008-05-17 to 2008-06-17  )))))))))))))))))))))))))))))))
.

2008-06-14 16:46 . 2008-06-16 19:00    <DIR>    d--h-----    C:\$AVG8.VAULT$
2008-06-14 16:39 . 2008-06-16 12:02    <DIR>    d--------    C:\WINDOWS\system32\drivers\Avg
2008-06-14 16:39 . 2008-06-14 16:39    96,520    --a------    C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-14 16:39 . 2008-06-14 16:39    75,272    --a------    C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-14 16:39 . 2008-06-14 16:39    10,520    --a------    C:\WINDOWS\system32\avgrsstx.dll
2008-06-14 16:38 . 2008-06-14 16:38    <DIR>    d--------    C:\Programmer\AVG
2008-06-14 16:38 . 2008-06-14 16:38    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\avg8
2008-06-12 19:51 . 2008-06-12 19:51    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-06-12 19:51 . 2008-06-12 19:51    <DIR>    d--------    C:\Documents and Settings\Joan\Application Data\SUPERAntiSpyware.com
2008-06-12 19:51 . 2008-06-12 19:51    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-12 19:47 . 2008-06-12 19:47    <DIR>    d--------    C:\Programmer\CCleaner
2008-06-11 15:34 . 2008-04-14 17:53    272,256    ---------    C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 15:34 . 2008-04-14 17:53    272,256    -----c---    C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-07 18:59 . 2008-06-16 10:33    <DIR>    d--hs----    C:\Documents and Settings\All Users\DRM
2008-06-07 18:19 . 2008-06-07 18:19    <DIR>    d--------    C:\Programmer\Windows Media Connect 2

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 14:13    ---------    d-----w    C:\Programmer\spy
2008-06-12 17:50    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-05-08 12:28    202,752    ----a-w    C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16    1,291,776    ----a-w    C:\WINDOWS\system32\quartz.dll
2008-04-23 16:54    ---------    d-----w    C:\Programmer\Nokia
2008-04-23 16:45    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-23 16:42    ---------    d-----w    C:\Programmer\Creative
2008-04-23 07:20    826,368    ----a-w    C:\WINDOWS\system32\wininet.dll
2008-03-20 08:09    1,845,248    ----a-w    C:\WINDOWS\system32\win32k.sys
2007-09-02 14:16    14,774,576    ----a-w    C:\Programmer\IE7-WindowsXP-x86-dan.exe
2005-06-09 05:02    2,083,568    ----a-w    C:\Programmer\WindowsXP-KB894391-x86-DAN.exe
2005-05-16 10:50    2,314,920    ----a-w    C:\Programmer\LimeWireWin.exe
2005-05-02 16:48    175,203    ----a-w    C:\Programmer\kdap250.exe
2005-04-24 15:03    5,059,074    ----a-w    C:\Programmer\iMeshV5.exe
2005-03-07 21:38    2,636,408    ----a-w    C:\Programmer\aawsepersonal.exe
2005-01-17 17:29    6,093,917    ----a-w    C:\Programmer\msjavx86.exe
2005-01-11 16:30    17,182,072    ----a-w    C:\Programmer\AdbeRdr60_dan_full.exe
.

(((((((((((((((((((((((((((((  snapshot@2008-06-12_21.29.45,46  )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-12 19:12:09    2,048    --s-a-w    C:\WINDOWS\bootstat.dat
+ 2008-06-17 09:40:53    2,048    --s-a-w    C:\WINDOWS\bootstat.dat
+ 2008-06-14 14:39:39    26,184    ----a-w    C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2006-12-01 20:56:00    96,256    ----a-w    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-01 20:54:32    479,232    ----a-w    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 20:54:34    548,864    ----a-w    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 20:54:32    626,688    ----a-w    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-01 22:25:52    1,101,824    ----a-w    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-01 22:25:56    1,093,120    ----a-w    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-01 22:25:58    69,632    ----a-w    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-01 22:26:00    57,856    ----a-w    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-01 22:08:00    40,960    ----a-w    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 22:08:00    45,056    ----a-w    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 22:08:00    65,536    ----a-w    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 22:08:00    57,344    ----a-w    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 22:08:00    61,440    ----a-w    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 22:08:00    61,440    ----a-w    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 22:08:00    61,440    ----a-w    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 22:08:00    49,152    ----a-w    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 22:08:00    49,152    ----a-w    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 22:46:44    65,536    ----a-w    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebCamRT.exe"="" []
"HuaWeiEVDO.exe"="C:\Programmer\Huawei technologies\Mobile Connect\Mobile Connect.exe" [2007-05-28 19:05 921600]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMS"="C:\Programmer\Fælles filer\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-20 15:16 90112]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-14 16:39 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 14:00 15360]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= L3codecp.acm
"VIDC.YV12"= yv12vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Spyware Cleaner"="C:\Programmer\Spyware Cleaner\SpywareCleaner.Exe" /boot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Messenger\\msmsgs.exe"=
"C:\\Programmer\\Real\\RealPlayer\\realplay.exe"=
"C:\\StubInstaller.exe"=
"C:\\Programmer\\Windows Media Player\\wmplayer.exe"=
"C:\\Programmer\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmer\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programmer\\AVG\\AVG8\\avgemc.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f41bbc2-563b-11dc-b361-000c7648aa47}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8953988-b719-11dc-b42d-000c7648aa47}]
\Shell\AutoRun\command - E:\AutoRun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-16 11:03:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 12:04:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-17 12:16:38
ComboFix-quarantined-files.txt  2008-06-17 10:16:20
ComboFix2.txt  2008-06-12 19:30:11

Pre-Run: 15,949,672,448 byte ledig
Post-Run: 15,942,197,248 byte ledig

136    --- E O F ---    2008-06-12 17:16:10

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:12, on 17-06-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmer\Fælles filer\Logitech\QCDriver2\LVCOMS.EXE
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmer\Huawei technologies\Mobile Connect\Mobile Connect.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\spy\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Programmer\Fælles filer\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [HuaWeiEVDO.exe] "C:\Programmer\Huawei technologies\Mobile Connect\Mobile Connect.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204104258531
O16 - DPF: {76805459-88F6-4BB1-8EC1-1A4DDC777CFD} (KMDWebSign.zskwsax) - http://logon.kmd.dk/program/zskwsax.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay109.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{F28F99A0-BF1E-469C-8967-52A680D926EC}: NameServer = 80.251.192.244 80.251.192.245
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 5719 bytes

Denne computer - C drevets egenskaber - Anvendt plads = 13,0 GB Ledig plads = 14,8 GB

Afinstaller
* Spyware Cleaner
via
[Start][Indstilninger][Kontrolpanel][Tilføj/fjern programmer]

Genstart for at fuldføre afinstalationen...
---------------------------------------

Slet filen
C:\Programmer\LimeWireWin.exe
C:\Programmer\edonkey.exe
og mappen
C:\Programmer\Spyware Cleaner\

---------------------------------------

Ta' en omgang med CCleaner som tidl. nævnt ...