Søg
Avatar billede torben lind Forsker
28. september 2007 - 18:57 Der er 8 kommentarer og
1 løsning

Er der noget der skal væk.

hej allesammen.
er der nogle der har tid til at kigge på min log,da min comp. er blevet lidt langsom.
Logfile of HijackThis v1.99.1
Scan saved at 18:51:04, on 28-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\drivers\security\services.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Raxco\PerfectDisk\PDAgent.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Programmer\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\BitTorrent\bittorrent.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: 81.31.239.149 paypal.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Programmer\BitTorrent\bittorrent.exe" --force_start_minimized
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
Avatar billede torben lind Forsker
28. september 2007 - 18:59 #1
Jeg fik ikke det hele med i loggen så her er den
Logfile of HijackThis v1.99.1
Scan saved at 18:51:04, on 28-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\drivers\security\services.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Raxco\PerfectDisk\PDAgent.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Programmer\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\BitTorrent\bittorrent.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: 81.31.239.149 paypal.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Programmer\BitTorrent\bittorrent.exe" --force_start_minimized
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178312001390
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://members.driverguide.com/director/dispatch_getfile.php?mode=toolkit_lite
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FLLESF~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: msnsupport - Unknown owner - C:\WINDOWS\system32\drivers\security\services.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programmer\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmer\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\RpcSandraSrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
Avatar billede Computer Hjælp (Gratis) Mester
28. september 2007 - 20:20 #2
Afinstaller

* BitTorrent

via
[Start][Indstilninger][Kontrolpanel][Tilføj/fjern programmer]

Genstart for at fuldføre afinstalationen...

http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

---------------------------------------

Følg guiden herfra -> http://www.eksperten.dk/artikler/1123
Avatar billede torben lind Forsker
28. september 2007 - 20:40 #3
hej dr1 larry.
jeg får desværre ikke tid i aften,men vil starte proceduren imorgen og kommer tilbage.
Avatar billede torben lind Forsker
29. september 2007 - 10:42 #4
Hej. Så har jeg kørt diverse test og her er logfilerne,jeg er først tilbage sidst på eftermiddagen.
ComboFix 07-09-21.2 - "torben" 2007-09-29 10:32:00.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.615 [GMT 2:00]
.

(((((((((((((((((((((((((  Files Created from 2007-08-28 to 2007-09-29  )))))))))))))))))))))))))))))))
.

2007-09-29 08:52    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-29 07:51    <DIR>    d--------    C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-29 07:50    <DIR>    dr-------    C:\DOCUME~1\ADMINI~1\Foretrukne
2007-09-29 07:50    <DIR>    d--------    C:\DOCUME~1\ADMINI~1\Skrivebord
2007-09-29 07:50    <DIR>    d--------    C:\DOCUME~1\ADMINI~1\APPLIC~1\Mappen Share-to-Web-overf›rsel
2007-09-29 07:49    <DIR>    d--------    C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot
2007-09-29 07:37    <DIR>    d--------    C:\Programmer\CCleaner
2007-09-28 18:45    595,927    --a------    C:\WINDOWS\system32\Aquarium.scr
2007-09-25 21:17    <DIR>    d--------    C:\DOCUME~1\torben\APPLIC~1\Corel
2007-09-25 21:11    <DIR>    d--------    C:\Programmer\F‘lles filer\Corel
2007-09-25 21:10    <DIR>    d--------    C:\Programmer\Corel
2007-09-24 21:10    <DIR>    d--------    C:\Programmer\F‘lles filer\Skype
2007-09-20 21:27    <DIR>    d--------    C:\DOCUME~1\torben\APPLIC~1\WebCompiler3
2007-09-05 21:55    <DIR>    d--------    C:\DOCUME~1\torben\APPLIC~1\Aston
2007-09-02 19:49    <DIR>    d--------    C:\DOCUME~1\torben\APPLIC~1\Canon
2007-09-02 19:47    <DIR>    d--------    C:\Programmer\F‘lles filer\Canon

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-29 09:37    ---------    d--------    C:\Programmer\SUPERAntiSpyware
2007-09-29 09:09    ---------    d--------    C:\Programmer\BitTorrent
2007-09-29 07:44    ---------    d--------    C:\DOCUME~1\torben\APPLIC~1\SUPERAntiSpyware.com
2007-09-28 09:53    ---------    d--------    C:\Programmer\RegVac Registry Cleaner
2007-09-28 09:53    ---------    d--------    C:\Programmer\MagicISO
2007-09-26 20:55    ---------    d--------    C:\DOCUME~1\torben\APPLIC~1\Skype
2007-09-25 21:18    ---------    d--------    C:\DOCUME~1\torben\APPLIC~1\LimeWire
2007-09-25 21:13    ---------    d--h-----    C:\Programmer\InstallShield Installation Information
2007-09-25 07:50    ---------    d--------    C:\Programmer\NoAdware4
2007-09-24 21:10    ---------    d--------    C:\Programmer\Skype
2007-09-24 21:10    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-09-22 16:35    ---------    d--------    C:\Programmer\LimeWire
2007-09-20 21:20    ---------    d--------    C:\DOCUME~1\torben\APPLIC~1\BitTorrent
2007-09-19 08:50    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-09-12 09:20    ---------    d--------    C:\Programmer\TuneUp Utilities 2007
2007-08-26 08:11    ---------    d--------    C:\Programmer\Webroot
2007-08-26 08:11    ---------    d--------    C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
2007-08-26 08:11    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-08-26 08:10    ---------    d--------    C:\DOCUME~1\torben\APPLIC~1\Webroot
2007-08-23 20:19    ---------    d--------    C:\Programmer\Lavasoft
2007-08-23 20:19    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-21 19:37    ---------    d--------    C:\DOCUME~1\torben\APPLIC~1\Azureus
2007-08-18 08:24    ---------    d--------    C:\Programmer\18 Wheels of Steel Convoy
2007-08-17 15:44    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
2007-08-17 08:16    ---------    d--------    C:\DOCUME~1\torben\APPLIC~1\Apple Computer
2007-08-15 17:23    ---------    d--------    C:\Programmer\MSXML 6.0
2007-08-15 17:22    ---------    d--------    C:\Programmer\MSXML 4.0
2007-08-14 21:32    ---------    d--------    C:\Programmer\Alcohol Soft
2007-08-14 20:33    ---------    d--------    C:\Programmer\MagicDisc
2007-08-14 20:26    3822861604    --a------    C:\Programmer\PC - Toca Race Driver 3  [www.GamesTorrents.com].rar
2007-08-14 17:40    685816    --a------    C:\WINDOWS\system32\drivers\sptd.sys
2007-08-14 16:13    ---------    d--------    C:\Programmer\Atari
2007-08-13 23:34    108144    --a------    C:\WINDOWS\system32\CmdLineExt.dll
2007-08-13 23:34    ---------    dr-h-----    C:\DOCUME~1\torben\APPLIC~1\SecuROM
2007-08-10 14:51    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-08-10 14:48    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-08-10 07:37    ---------    d--------    C:\Programmer\Microsoft AutoRoute
2007-08-09 19:56    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-08-09 19:55    ---------    d--------    C:\Programmer\Azureus
2007-08-07 09:44    ---------    d--------    C:\Programmer\Raxco
2007-08-06 21:43    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ashampoo
2007-08-04 21:22    86016    --a------    C:\WINDOWS\system32\OpenAL32.dll
2007-08-04 21:22    262144    --a------    C:\WINDOWS\system32\wrap_oal.dll
2007-08-02 08:33    ---------    d--------    C:\DOCUME~1\torben\APPLIC~1\Help
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    271224    --a------    C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19    207736    --a------    C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\wups.dll
2007-07-19 22:54    1521464    --a------    C:\WINDOWS\WRSetup.dll
2007-06-17 21:31    9232    --a------    C:\DOCUME~1\torben\mqdmmdfl.sys
2007-06-17 21:31    92064    --a------    C:\DOCUME~1\torben\mqdmmdm.sys
2007-06-17 21:31    79328    --a------    C:\DOCUME~1\torben\mqdmserd.sys
2007-06-17 21:31    66656    --a------    C:\DOCUME~1\torben\mqdmbus.sys
2007-06-17 21:31    6208    --a------    C:\DOCUME~1\torben\mqdmcmnt.sys
2007-06-17 21:31    5936    --a------    C:\DOCUME~1\torben\mqdmwhnt.sys
2007-06-17 21:31    4048    --a------    C:\DOCUME~1\torben\mqdmcr.sys
2007-06-17 21:31    25600    --a------    C:\DOCUME~1\torben\usbsermptxp.sys
2007-06-17 21:31    22768    --a------    C:\DOCUME~1\torben\usbsermpt.sys
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
    ---------        C:\Programmer\Fælles filer\Webroot Shared
    ---------        C:\Programmer\Fælles filer\Skype
    ---------        C:\Programmer\Fælles filer\Raxco
    ---------        C:\Programmer\Fælles filer\Microsoft Shared
    ---------        C:\Programmer\Fælles filer\InstallShield
    ---------        C:\Programmer\Fælles filer\DESIGNER
    ---------        C:\Programmer\Fælles filer\Corel
    ---------        C:\Programmer\Fælles filer\Canon
    ---------        C:\Programmer\Fælles filer\Ahead
    ---------        C:\Programmer\Fælles filer
    ---------        C:\DOCUME~1\ADMINI~1\APPLIC~1\Mappen Share-to-Web-overførsel
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Programmer\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-23 10:12]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 17:53]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-09-29 09:36]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programmer\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP;C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp


Logfile of HijackThis v1.99.1
Scan saved at 10:28:51, on 29-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Raxco\PerfectDisk\PDAgent.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Programmer\Raxco\PerfectDisk\PDEngine.exe
C:\Documents and Settings\torben\Skrivebord\hijackthis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: 81.31.239.149 paypal.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178312001390
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://members.driverguide.com/director/dispatch_getfile.php?mode=toolkit_lite
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FLLESF~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programmer\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmer\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\RpcSandraSrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/29/2007 at 10:24 AM

Application Version : 3.9.1008

Core Rules Database Version : 3316
Trace Rules Database Version: 1317

Scan type      : Complete Scan
Total Scan Time : 00:46:58

Memory items scanned      : 362
Memory threats detected  : 0
Registry items scanned    : 7328
Registry threats detected : 0
File items scanned        : 38378
File threats detected    : 2

Adware.Tracking Cookie
    C:\Documents and Settings\torben\Cookies\torben@hit.stat[1].txt

Trojan.Downloader-Rbot/DllCache
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{770AB0E5-500D-4812-9C2D-C5FF04616ABA}\RP293\A0074855.EXE


********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
29-09-2007 10:29:55,26

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-29 10:29:56
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmer\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:16,73,85,fa,c3,18,65,85,64,3a,be,ef,8d,d0,47,a7,e4,bb,32,2f,b0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f3,cb,8b,e7,d8,6e,4a,13,ef,7f,3a,af,45,ea,a6,ea,b5,..
"khjeh"=hex:f6,4c,82,5b,fc,f2,80,8c,0f,c7,99,08,04,3a,b5,64,d2,2c,51,a7,6e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:8f,9d,24,7e,e5,5a,42,43,26,d9,e4,e3,04,e7,e2,59,fb,82,4b,93,f6,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Programmer\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:55,f0,0a,2f,2c,f5,94,15,11,b7,7c,1c,4f,f8,45,39,fb,1a,f9,57,62,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmer\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:16,73,85,fa,c3,18,65,85,64,3a,be,ef,8d,d0,47,a7,e4,bb,32,2f,b0,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f3,cb,8b,e7,d8,6e,4a,13,ef,7f,3a,af,45,ea,a6,ea,b5,..
"khjeh"=hex:f6,4c,82,5b,fc,f2,80,8c,0f,c7,99,08,04,3a,b5,64,d2,2c,51,a7,6e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:85,d1,fe,ee,bc,09,c9,29,44,cd,f0,c2,a2,45,ba,da,f3,9f,46,17,cb,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Programmer\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:55,f0,0a,2f,2c,f5,94,15,11,b7,7c,1c,4f,f8,45,39,fb,1a,f9,57,62,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmer\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:16,73,85,fa,c3,18,65,85,64,3a,be,ef,8d,d0,47,a7,e4,bb,32,2f,b0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f3,cb,8b,e7,d8,6e,4a,13,ef,7f,3a,af,45,ea,a6,ea,b5,..
"khjeh"=hex:f6,4c,82,5b,fc,f2,80,8c,0f,c7,99,08,04,3a,b5,64,d2,2c,51,a7,6e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:85,d1,fe,ee,bc,09,c9,29,44,cd,f0,c2,a2,45,ba,da,f3,9f,46,17,cb,..

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0
Avatar billede Computer Hjælp (Gratis) Mester
29. september 2007 - 11:13 #5
SÅDAN GÅR DET NÅR MAN LEGER MED P2P PROGRAMMER  Grrrrr!!!

-- Hent Avenger her:
http://swandog46.geekstogo.com/avenger.zip

-- Pak Avenger-programmet ud og dobbeltklik på avenger.exe

-- Sæt en prik i "Input Script Manually" og klik på Luppen - nu dukker der et lille vindue op, hvor du skal kopiere indholdet mellem ~~~ skrift ind:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Files to delete:
C:\Programmer\PC - Toca Race Driver 3  [www.GamesTorrents.com].rar

Folders to delete:
C:\Programmer\BitTorrent
C:\DOCUME~1\torben\APPLIC~1\LimeWire
C:\Programmer\LimeWire
C:\DOCUME~1\torben\APPLIC~1\BitTorrent
C:\DOCUME~1\torben\APPLIC~1\Azureus
C:\Programmer\18 Wheels of Steel Convoy
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
C:\Programmer\Azureus
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-- Klik på Trafiklyset i Avenger. Programmet vil opfordre dig til at genstarte computeren straks, hvilket du skal gøre. Programmet vil lukke din computer, slette filerne og starte computeren igen.

-- Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar. Sammen med en frisk HiJackThis Log...

---------------------------------------

Registreringsdatabase oprydning ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Specielt punktet [Problemer]...)
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller NEJ til den.
Avatar billede torben lind Forsker
29. september 2007 - 18:11 #6
hej.
Ja så har jeg lært noget idag også om P2P programmer.
Her er de sidste logfiler.


Logfile of HijackThis v1.99.1
Scan saved at 18:08:20, on 29-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Raxco\PerfectDisk\PDAgent.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Programmer\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\torben\Skrivebord\hijackthis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: 81.31.239.149 paypal.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178312001390
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://members.driverguide.com/director/dispatch_getfile.php?mode=toolkit_lite
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FLLESF~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programmer\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmer\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\RpcSandraSrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\rrgfkhmx

*******************

Script file located at: \??\C:\Program Files\obxptwwu.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\Programmer\BitTorrent deleted successfully.
Folder C:\DOCUME~1\torben\APPLIC~1\LimeWire deleted successfully.
Folder C:\Programmer\LimeWire deleted successfully.
Folder C:\DOCUME~1\torben\APPLIC~1\BitTorrent deleted successfully.
Folder C:\DOCUME~1\torben\APPLIC~1\Azureus deleted successfully.
Folder C:\Programmer\18 Wheels of Steel Convoy deleted successfully.
Folder C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus deleted successfully.
Folder C:\Programmer\Azureus deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
Avatar billede torben lind Forsker
29. september 2007 - 19:04 #7
Hej dr1 larry.
Comp. har fået en hel anden hastighed det er supert.
Jeg ved ikke om vi er færdig med denne omgang,men læg et svar og du får dine velfjortjente point.
Avatar billede Computer Hjælp (Gratis) Mester
29. september 2007 - 20:52 #8
BINGO..

Fik du kørt CCleaner også ?

Der er ikke mere 'snavs' ifølge din Log...

Du er velkommen en anden gang...

Du bør rense temp med denne fil, det tager kun få sek.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

Efter sådan en tur er det altid en god ide og rydde op i systemgendannelsesfilerne.
Deaktiver systemgendannelse -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Genstart din computer - aktiver systemgendannelse. Dette gøres samme sted, hvor du deaktiverede, denne gang skal du blot aktivere.
Det vil også være en god idé manuelt at oprette et nyt punkt, som du kan navngive, og vende tilbage til, hvis du skulle få problemer af nogen art.

Et par artikler om sikker surfing finder du her:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...
Avatar billede torben lind Forsker
29. september 2007 - 21:27 #9
hej dr1 larry.
ja ccleaner er også kørt,mange tak for hjælpen,jeg vil også gøre de sidste øvelser,så min comp. bliver top tunet.
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus 22 26/11/202510:42 23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus 8 31/08/202519:08 01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 13:36 godt råd søges Alternativ styresystem på Mac pc Af luffe1955 i Andre styresystemer
I går 11:32 Hjælp til kontrol af sygefravær Af Maja i Excel
27/0113:59 2 skærme til en stationær computer Af BIRGER i Skærme
26/0119:26 Opstart af ny computer Af Bent i Windows
25/0120:06 Hjemmeside der virker både på mobil og computer Af Strawberry i PHP
White papers
Flere white papers »