zaditor (Beginner)
28 April 2007 - 14:54. There are 23 comments and 1 solution.

SAS Log, DrWeb Log and HijackThis Log

Hey..

I created a question [http://www.eksperten.dk/spm/775479] because I felt my computer had become rather slow.. In there I very quickly got answers about what I should do.. I was then referred to an article written by Fromsej [http://www.eksperten.dk/artikler/954], which I have also followed..

So now I would like some of you experts to check through the various logs for me and tell me whether there is still any junk that can be removed :)

----------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/28/2007 at 02:36 PM

Application Version : 3.7.1018

Core Rules Database Version : 3227
Trace Rules Database Version: 1238

Scan type      : Complete Scan
Total Scan Time : 01:26:29

Memory items scanned      : 159
Memory threats detected  : 0
Registry items scanned    : 5413
Registry threats detected : 0
File items scanned        : 48634
File threats detected    : 7

Adware.Tracking Cookie
    C:\Documents and Settings\John Sunesen\Cookies\john sunesen@ads.tripod.lycos[2].txt
    C:\Documents and Settings\John Sunesen\Cookies\john sunesen@e2.emediate[2].txt
    C:\Documents and Settings\John Sunesen\Cookies\john sunesen@singlesex[1].txt
    C:\Documents and Settings\John Sunesen\Cookies\john sunesen@stats2[2].txt
    C:\Documents and Settings\John Sunesen\Cookies\john sunesen@stats3[1].txt
    C:\Documents and Settings\John Sunesen\Cookies\john sunesen@tripod.lycos[1].txt

BearShare File Sharing Client
    C:\PROGRAMMER\BEARSHARE APPLICATIONS\BEARSHARE\BEARSHARE.EXE

------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 14:49:46, on 28-04-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Programmer\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmer\HijackThis\hijackthis.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wow-europe.com/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar3.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar3.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [cctray] "C:\Programmer\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Programmer\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Programmer\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Programmer\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--------------------------------------------------------------

DrWeb-log:

mirc.#xe;C:\Programmer\mIRC;Program.mIRC.616;Renamed.;
NPMYGLSH.DLL;C:\Programmer\MyGlobalSearch\bar\1.bin;Adware.Msearch;Renamed.;
A0036372.DLL;C:\System Volume Information\_restore{21EBE8AC-E04A-44A1-9F09-AC5A45552824}\RP219;Adware.Msearch;Renamed.;
actskn45.ocx;C:\WINDOWS\system32;Trojan.Isbar.439;Deleted.;
A0020313.#xe;E:\System Volume Information\_restore{83664506-14DF-433C-8A09-595BD326F87D}\RP148;Tool.ProxyHLTV;Renamed.;

---------------------------------------------------------

Thanks in advance

Regards, Dan
zaditor (Beginner)
28 April 2007 - 16:02 #1
Anyone who knows something and can help?
zaditor (Beginner)
28 April 2007 - 17:05 #2
Hmm...?
zaditor (Beginner)
28 April 2007 - 19:20 #3
Hello?
nva (Trainee)
28 April 2007 - 19:33 #4
You can fix these 2:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)

But otherwise your log looks fine. Have you tried CCleaner and defragmented? Checked in Device Manager for PIO transfer mode, and the various other pieces of advice you got in the thread you refer to? Didn't that help?
nva (Trainee)
28 April 2007 - 19:35 #5
Have you looked in Task Manager to see whether there is a particular process using your CPU power?
zaditor (Beginner)
28 April 2007 - 19:41 #6
Yeah, but I don't really think there are any that use an awful lot.. Active system process is the one that uses the most
zaditor (Beginner)
28 April 2007 - 19:43 #7
I have used CCleaner and defragmented my C drive.. and have checked Device Manager.. Hm.. But I don't think it has helped a great deal..
nva (Trainee)
28 April 2007 - 19:46 #8
Active system process is what you have available - that is, what is free right now, so if it is at 98-99 then that is fine, if you are not running very much.
nva (Trainee)
28 April 2007 - 19:47 #9
You could perhaps try replacing your antivirus from CA with the free one from AVG - maybe that is what is causing it. Norton often gets the blame, so maybe CA's has a problem too. Just a thought.
nva (Trainee)
28 April 2007 - 19:51 #10
You can also go to Control Panel - Folder Options - View and clear the check mark for 'search for printers and network locations'.
nva (Trainee)
28 April 2007 - 19:52 #11
Have you tried scanning the hard disk for errors? If not, run a scan with automatic fixing of errors.
nva (Trainee)
28 April 2007 - 19:53 #12
Then I don't think I have any more advice right now :(
28 April 2007 - 23:22 #13
Possible suggestion ->
Run a new scan with HijackThis and copy a fresh log in here for checking - BUT before the next run of HiJackThis.exe you must RENAME the program file HiJackThis.exe to ALTERNATIV.exe, since certain unwanted elements tend to hide when a process named HiJackThis.exe is running !!!
zaditor (Beginner)
29 April 2007 - 12:36 #14
New log with ALTERNATIV.exe :)

Logfile of HijackThis v1.99.1
Scan saved at 12:33:09, on 29-04-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Programmer\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\HijackThis\ALTERNATIV.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wow-europe.com/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar3.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar3.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [cctray] "C:\Programmer\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Programmer\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Programmer\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Programmer\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
29 April 2007 - 22:16 #15
... is the problem still there? With the apparent slowness?
29 April 2007 - 22:19 #16
Let's just try this ->

Download this tool and save it to your desktop: http://www.uploads.ejvindh.net/rootchk.exe

Run the program rootchk.exe that you saved on the desktop. After a short time a log file will appear, which can be found here: C:\rootlog txt. Copy the contents of this log into the thread.
NB: The file "rootchk.exe" is identified as a "Trojan" by certain antivirus programs. There is nothing to that, however!
zaditor (Beginner)
30 April 2007 - 20:51 #17
I'll try :)
zaditor (Beginner)
30 April 2007 - 21:05 #18
The log file:

********************************* ROOTCHK-(25-04-07)-LOG, by ejvindh
30-04-2007 20:49:49.50

Driver nm (visible) is present. Run COMBOFIX by sUBs.

********************************* ROOTCHK-LOG-end


catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-30 20:49:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\Documents and Settings\Dan Sunesen\Lokale indstillinger\Application Data\Microsoft\Messenger\sunesen@pr-creation.net\SharingMetadata\koldsgaard@koldsgaard.tk\DFSR\Staging\CS{A3052152-05B8-ADA8-A4E7-A0B25CEDF91E}\01\11-{A3052152-05B8-ADA8-A4E7-A0B25CEDF91E}-v1-{DB0827F3-BB70-4BA4-9C9E-BC0BC67CA791}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Dan Sunesen\Lokale indstillinger\Application Data\Microsoft\Messenger\sunesen@pr-creation.net\SharingMetadata\koldsgaard@koldsgaard.tk\DFSR\Staging\CS{A3052152-05B8-ADA8-A4E7-A0B25CEDF91E}\11\11-{B3F4A562-7808-4FC7-B46A-871095139DF1}-v11-{B3F4A562-7808-4FC7-B46A-871095139DF1}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 88 bytes hidden from API
C:\Documents and Settings\Dan Sunesen\Lokale indstillinger\Application Data\Microsoft\Messenger\sunesen@pr-creation.net\SharingMetadata\koldsgaard@koldsgaard.tk\DFSR\Staging\CS{A3052152-05B8-ADA8-A4E7-A0B25CEDF91E}\26\27-{DB0827F3-BB70-4BA4-9C9E-BC0BC67CA791}-v26-{DB0827F3-BB70-4BA4-9C9E-BC0BC67CA791}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1524 bytes hidden from API
C:\Documents and Settings\Dan Sunesen\Lokale indstillinger\Application Data\Microsoft\Messenger\sunesen@pr-creation.net\SharingMetadata\koldsgaard@koldsgaard.tk\DFSR\Staging\CS{A3052152-05B8-ADA8-A4E7-A0B25CEDF91E}\26\27-{DB0827F3-BB70-4BA4-9C9E-BC0BC67CA791}-v26-{DB0827F3-BB70-4BA4-9C9E-BC0BC67CA791}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 176 bytes hidden from API
C:\Documents and Settings\Dan Sunesen\Lokale indstillinger\Application Data\Microsoft\Messenger\sunesen@pr-creation.net\SharingMetadata\koldsgaard@koldsgaard.tk\DFSR\Staging\CS{A3052152-05B8-ADA8-A4E7-A0B25CEDF91E}\54\54-{B3F4A562-7808-4FC7-B46A-871095139DF1}-v54-{B3F4A562-7808-4FC7-B46A-871095139DF1}-v54-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1074 bytes hidden from API
C:\Documents and Settings\Dan Sunesen\Lokale indstillinger\Application Data\Microsoft\Messenger\sunesen@pr-creation.net\SharingMetadata\koldsgaard@koldsgaard.tk\DFSR\Staging\CS{A3052152-05B8-ADA8-A4E7-A0B25CEDF91E}\54\54-{B3F4A562-7808-4FC7-B46A-871095139DF1}-v54-{B3F4A562-7808-4FC7-B46A-871095139DF1}-v54-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 120 bytes hidden from API
C:\Documents and Settings\Dan Sunesen\Lokale indstillinger\Application Data\Microsoft\Messenger\sunesen@pr-creation.net\SharingMetadata\morten_b_jensen@hotmail.com\DFSR\Staging\CS{FF1FD9E0-D519-FF00-53CC-074269CB5B73}\01\10-{FF1FD9E0-D519-FF00-53CC-074269CB5B73}-v1-{DB0827F3-BB70-4BA4-9C9E-BC0BC67CA791}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Dan Sunesen\Lokale indstillinger\Application Data\Microsoft\Messenger\sunesen@pr-creation.net\SharingMetadata\paw_sunesen@tdcadsl.dk\DFSR\Staging\CS{0BC4A554-3D70-798F-6039-97DAEC9E8D9F}\01\16-{0BC4A554-3D70-798F-6039-97DAEC9E8D9F}-v1-{DB0827F3-BB70-4BA4-9C9E-BC0BC67CA791}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 8
30 April 2007 - 21:53 #19
There apparently is/was something ->

-- Download Combofix from one of these links and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

-- Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as that can cause your computer to freeze.
When combofix is finished, and after it has restarted, a log file should open: combofix.txt
You are welcome to post the contents of this file here.
zaditor (Beginner)
1 May 2007 - 10:15 #20
I'll try :)
zaditor (Beginner)
1 May 2007 - 10:29 #21
"Dan Sunesen" - 07-05-01 10:16:14    Service Pack 2 
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Dan Sunesen\Skrivebord\"


(((((((((((((((((((((((((((((((  Files Created from 2007-04-01 to 2007-05-01  ))))))))))))))))))))))))))))))))))


2007-04-27 23:20    <DIR>    d-a------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-27 23:16    614,400    --a------    C:\WINDOWS\system32\ExButton.dll
2007-04-27 23:16    585,728    --a------    C:\WINDOWS\system32\ExMenu.dll
2007-04-27 23:16    507,904    --a------    C:\WINDOWS\system32\ExTab.dll
2007-04-27 23:16    368,912    --a------    C:\WINDOWS\system32\vbar332.dll
2007-04-27 23:16    356,352    --a------    C:\WINDOWS\system32\eSellerateEngine.dll
2007-04-27 23:16    307,200    --a------    C:\WINDOWS\system32\ExPMenu.dll
2007-04-27 23:16    118,784    --a------    C:\WINDOWS\system32\eWebControl.dll
2007-04-27 23:16    1,658,880    --a------    C:\WINDOWS\system32\ExGrid.dll
2007-04-27 23:16    <DIR>    d--------    C:\Programmer\F‘lles filer\eSellerate
2007-04-27 23:15    <DIR>    d--------    C:\Programmer\AnswersThatWork
2007-04-27 14:38    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-04-27 13:55    3,968    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-19 17:37    208,896    --a------    C:\WINDOWS\system32\NVUNINST.EXE
2007-04-14 13:59    <DIR>    d--------    C:\Programmer\LimeWire
2007-04-12 23:12    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage


((((((((((((((((((((((((((((((((((((((((((((((((  Find3M Report  )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-28 14:42    --------    d--------    C:\Programmer\superantispyware
2007-04-28 11:35    --------    d--------    C:\Programmer\mirc
2007-04-28 00:04    --------    d--------    C:\Programmer\spywareblaster
2007-04-28 00:03    --------    d--------    C:\Programmer\regcleaner
2007-04-27 23:28    --------    d--------    C:\Programmer\spywareguard
2007-04-19 17:36    --------    d--------    C:\Programmer\nvidia
2007-04-17 21:17    --------    d--------    C:\Programmer\winamp
2007-04-08 20:57    --------    d--------    C:\Programmer\msn messenger
2007-04-08 20:14    75280    --a------    C:\WINDOWS\system32\isafprod.dll
2007-04-08 20:14    32528    --a------    C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-04-08 20:14    26640    --a------    C:\WINDOWS\system32\drivers\vet-filt.sys
2007-04-08 20:14    21648    --a------    C:\WINDOWS\system32\drivers\vetfddnt.sys
2007-04-08 20:14    21392    --a------    C:\WINDOWS\system32\drivers\vet-rec.sys
2007-03-27 11:12    61344    --a------    C:\WINDOWS\system32\perfc006.dat
2007-03-27 11:12    367738    --a------    C:\WINDOWS\system32\perfh006.dat
2007-03-27 09:55    524288    --a------    C:\WINDOWS\system32\divxsm.exe
2007-03-27 09:55    36624    ---------    C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-03-27 09:55    3596288    --a------    C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 09:55    200704    --a------    C:\WINDOWS\system32\ssldivx.dll
2007-03-27 09:55    129784    ---------    C:\WINDOWS\system32\pxafs.dll
2007-03-27 09:55    118520    ---------    C:\WINDOWS\system32\pxinsi64.exe
2007-03-27 09:55    116472    ---------    C:\WINDOWS\system32\pxcpyi64.exe
2007-03-27 09:55    1044480    --a------    C:\WINDOWS\system32\libdivx.dll
2007-03-27 09:49    73728    --a------    C:\WINDOWS\system32\dpl100.dll
2007-03-27 09:49    593920    --a------    C:\WINDOWS\system32\dpugui11.dll
2007-03-27 09:49    57344    --a------    C:\WINDOWS\system32\dpv11.dll
2007-03-27 09:49    53248    --a------    C:\WINDOWS\system32\dpugui10.dll
2007-03-27 09:49    344064    --a------    C:\WINDOWS\system32\dpus11.dll
2007-03-27 09:49    294912    --a------    C:\WINDOWS\system32\dpu11.dll
2007-03-27 09:49    294912    --a------    C:\WINDOWS\system32\dpu10.dll
2007-03-27 09:49    196608    --a------    C:\WINDOWS\system32\dtu100.dll
2007-03-27 09:48    823296    --a------    C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 09:48    823296    --a------    C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 09:48    802816    --a------    C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 09:48    639066    --a------    C:\WINDOWS\system32\divx.dll
2007-03-17 15:45    292864    --a------    C:\WINDOWS\system32\winsrv.dll
2007-03-08 17:38    577536    --a------    C:\WINDOWS\system32\user32.dll
2007-03-08 17:38    40960    --a------    C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:38    281600    --a------    C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:35    1843584    --a------    C:\WINDOWS\system32\win32k.sys
2007-02-16 03:40    124472    --a------    C:\WINDOWS\system32\divxcodecupdatechecker.exe
2007-02-05 22:19    185344    --a------    C:\WINDOWS\system32\upnphost.dll


((((((((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{AA58ED58-01DD-4d91-8333-CF10577473F7}    c:\windows\downloaded program files\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CoolSwitch"="C:\\WINDOWS\\system32\\taskswitch.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoTray"="C:\\Programmer\\Logitech\\Video\\LogiTray.exe"
"cctray"="\"C:\\Programmer\\CA\\CA Internet Security Suite\\cctray\\cctray.exe\""
"CAVRID"="\"C:\\Programmer\\CA\\CA Internet Security Suite\\CA Anti-Virus\\CAVRID.exe\""
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"!AVG Anti-Spyware"="\"C:\\Programmer\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Programmer\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SUPERAntiSpyware"="C:\\Programmer\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
  Authentication Packages    REG_MULTI_SZ      msv1_0\0\0
  Security Packages    REG_MULTI_SZ      kerberos\0msv1_0\0schannel\0wdigest\0\0
  Notification Packages    REG_MULTI_SZ      scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menuen Start\\Programmer\\Start\\Adobe Reader Hurtigstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Hurtigstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Hurtigstart"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService    REG_MULTI_SZ      Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService    REG_MULTI_SZ      DnsCache\0\0
rpcss    REG_MULTI_SZ      RpcSs\0\0
imgsvc    REG_MULTI_SZ      StiSvc\0\0
termsvcs    REG_MULTI_SZ      TermService\0\0
HTTPFilter    REG_MULTI_SZ      HTTPFilter\0\0
DcomLaunch    REG_MULTI_SZ      DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H]
Shell\AutoRun\command    H:\autoplay.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I]
Shell\AutoRun\command    I:\SETUP.EXE

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J]
Shell\AutoRun\command    J:\autoplay.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e476817e-ff5b-11d9-9701-0050bf77a9b3}]
Shell\AutoRun\command    H:\autoplay.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e476817f-ff5b-11d9-9701-0050bf77a9b3}]
Shell\AutoRun\command    I:\autoplay.exe



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070428-194240-463
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
backup-20070428-194240-703
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20060429-223000-598
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
backup-20050813-130048-809
O18 - Protocol: bwz0s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-657
O18 - Filter: text/html - (no CLSID) - (no file)
backup-20050813-130048-582
O23 - Service: Mramansup - McAfee Corporation - (no file)
backup-20050813-130048-916
O18 - Protocol: bwy0s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-337
O18 - Protocol: bwz0 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-291
O18 - Protocol: bwy0 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-114
O18 - Protocol: bww0s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-349
O18 - Protocol: bwx0s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-815
O18 - Protocol: bwv0s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-996
O18 - Protocol: bwx0 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-107
O18 - Protocol: bwu0s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-751
O18 - Protocol: bwv0 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-629
O18 - Protocol: bwu0 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-893
O18 - Protocol: bww0 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-699
O18 - Protocol: bws0s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-223
O18 - Protocol: bwt0 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-962
O18 - Protocol: bws0 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-653
O18 - Protocol: bwt0s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-208
O18 - Protocol: bwr0s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-949
O18 - Protocol: bwr0 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-725
O18 - Protocol: bwn0 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-755
O18 - Protocol: bwo0s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-314
O18 - Protocol: bwn0s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-303
O18 - Protocol: bwp0 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-857
O18 - Protocol: bwq0s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-359
O18 - Protocol: bwo0 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-659
O18 - Protocol: bwq0 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-391
O18 - Protocol: bwp0s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-881
O18 - Protocol: bwm0 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-400
O18 - Protocol: bwl0s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-507
O18 - Protocol: bwk0s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-561
O18 - Protocol: bwl0 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-173
O18 - Protocol: bwm0s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-436
O18 - Protocol: bwk0 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-121
O18 - Protocol: bwi0s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-954
O18 - Protocol: bwj0 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-117
O18 - Protocol: bwh0s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-982
O18 - Protocol: bwi0 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-468
O18 - Protocol: bwh0 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-940
O18 - Protocol: bwj0s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-404
O18 - Protocol: bwg0 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-372
O18 - Protocol: bwg0s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-220
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
backup-20050813-130048-125
O18 - Protocol: bwf0 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-611
O18 - Protocol: bwf0s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-865
O18 - Protocol: bwe0 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-235
O18 - Protocol: bwe0s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-478
O18 - Protocol: bwd0s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-129
O18 - Protocol: bwa0 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-412
O18 - Protocol: bwb0s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-222
O18 - Protocol: bwb0 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-312
O18 - Protocol: bwc0 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-600
O18 - Protocol: bwa0s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-180
O18 - Protocol: bwd0 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-878
O18 - Protocol: bwc0s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-980
O18 - Protocol: bw90 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-843
O18 - Protocol: bw90s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-184
O18 - Protocol: bw80s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-774
O18 - Protocol: bw80 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-973
O18 - Protocol: bw60s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-915
O18 - Protocol: bw70 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-433
O18 - Protocol: bw60 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-353
O18 - Protocol: bw70s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-551
O18 - Protocol: bw50s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-663
O18 - Protocol: bw50 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-891
O18 - Protocol: bw40s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-393
O18 - Protocol: bw40 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-626
O18 - Protocol: bw30s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-981
O18 - Protocol: bw20 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-897
O18 - Protocol: bw30 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-562
O18 - Protocol: bw20s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-464
O18 - Protocol: bw10 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-705
O18 - Protocol: bw10s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-324
O18 - Protocol: bw00s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-971
O18 - Protocol: bw+0 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-587
O18 - Protocol: bw00 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-832
O18 - Protocol: bw-0s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-839
O18 - Protocol: bw-0 - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130048-170
O18 - Protocol: bw+0s - {4C1F47C9-02B2-4B13-8F73-C04E9307E962} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20050813-130047-473
O2 - BHO: {92E1B3F7-0546-421E-9835-904D25B7BA66} - {C4F147D7-BF25-488E-A12B-EFD43E7029BF} - C:\WINDOWS\system32\winvbie.dll
backup-20050813-130047-263
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*;localhost
backup-20050813-130047-297
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
backup-20050813-130047-659
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
backup-20050813-130047-442
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-01 10:24:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-05-01 10:24:23
C:\ComboFix-quarantined-files.txt ... 07-05-01 10:24
zaditor, Beginner
04 May 2007 - 22:02 #22
Hmm..?
05 May 2007 - 14:50 #23
... this gave no further info...

A bit of general clean-up may help you further (defragmentation, deleting temp files, cleaning up the registry, etc.):
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=56&PN=1
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=30&PN=1
zaditor, Beginner
22 October 2008 - 12:58 #24
..