varmeskud (Trainee)
11 April 2008 - 15:57 There are 10 comments and
1 solution

PC hit by a virus - what do I do?

Hi

While I was away from home, my PC was hit by a virus.

So when I open the browser, something mysterious comes up. Even if I change it back to my normal start page, it comes up again.

My antivirus program is also going crazy.

So how do I best remove the virus/trojan and spam from my PC?
Deleted user
11 April 2008 - 16:08 #1
http://www.eksperten.dk/artikler/1123

Use this guide, and if you still have a problem, post the log here.
11 April 2008 - 16:16 #2
... in any case we/I should (= must) see the log files mentioned ...
Deleted user
11 April 2008 - 16:28 #3
I can't figure those out anyway, either :-)
11 April 2008 - 16:40 #4
... is that too 'mysterious' as well? *S*
levich (Beginner)
11 April 2008 - 16:50 #5
The short version:
Download http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php.
Run HijackThis, click Scan, copy the log text and paste it in here.
varmeskud (Trainee)
11 April 2008 - 17:35 #6
Hi
I have now followed the guide in the first post.
Here are my logs.

    C:\Documents and Settings\kim p\Cookies\kim p@winpcdoctor[2].txt
    C:\Documents and Settings\kim p\Cookies\kim p@www.antispyshield[1].txt
    C:\Documents and Settings\kim p\Cookies\kim p@www.virusheat[1].txt
    C:\Documents and Settings\kim p\Cookies\kim p@virusranger[1].txt
    C:\Documents and Settings\kim p\Cookies\kim p@accounts[3].txt
    C:\Documents and Settings\kim p\Cookies\kim p@accounts[2].txt
    C:\Documents and Settings\kim p\Cookies\kim p@country[1].txt

Malware.LocusSoftware Inc/WinSpyControl
    C:\Documents and Settings\kim p\Application Data\WinSpyControl\Logs\threats.log
    C:\Documents and Settings\kim p\Application Data\WinSpyControl\Logs\update.log
    C:\Documents and Settings\kim p\Application Data\WinSpyControl\Logs
    C:\Documents and Settings\kim p\Application Data\WinSpyControl\PGE.dat
    C:\Documents and Settings\kim p\Application Data\WinSpyControl

Trojan.Media-Codec/V5
    C:\Programmer\NetProject
    HKU\S-1-5-21-1547161642-823518204-725345543-1003\Software\NetProject
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service#UninstallString

Rogue.WinPCDoctor
    C:\Programmer\Fælles filer\WinPCDoctor

Rogue.WinPCDoctor-Installer
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{18D1AB9C-7DF5-4BFB-AD30-E3874287B278}\RP38\A0005342.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{18D1AB9C-7DF5-4BFB-AD30-E3874287B278}\RP38\A0005595.EXE

Malware.LocusSoftware Inc/Gen
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{18D1AB9C-7DF5-4BFB-AD30-E3874287B278}\RP38\A0005393.EXE

Rogue.NetProject-Installer
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{18D1AB9C-7DF5-4BFB-AD30-E3874287B278}\RP38\A0005416.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{18D1AB9C-7DF5-4BFB-AD30-E3874287B278}\RP39\A0005664.EXE

Rogue.AVSystemCare/Component
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{18D1AB9C-7DF5-4BFB-AD30-E3874287B278}\RP39\A0005660.EXE

Trojan.FakeAlert-Gen/Variant
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{18D1AB9C-7DF5-4BFB-AD30-E3874287B278}\RP39\A0005663.DLL
12 April 2008 - 16:12 #7
SAS + ComboFix have eaten quite a few unwanted items!

Follow-up cleanup:

---------------------------------------

Uninstall

* Logitech Desktop Messenger (*)

via
[Start][Settings][Control Panel][Add/Remove Programs]

Restart to complete the uninstallation...

---------------------------------------

Run a scan with HijackThis.
Below you get some files that you need to fix. What you need to do is tick the box next to each of these files. Once you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Remember to close this window too once you have marked the files. Now you may fix. Click Fix checked.

These are the ones that need to be fixed:

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O18 - Protocol: bw+0 - {43BE6673-F02B-4EE4-A731-CB8635331764} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
(All these O18 lines, if they are there)

Restart normally

------------------------------------------------------------------------

So how is the PC running now?
varmeskud Praktikant
12 April 2008 - 20:24 #8
I can't find these

O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O18 - Protocol: bw+0 - {43BE6673-F02B-4EE4-A731-CB8635331764} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
(All these O18 lines, if they are there)
varmeskud Praktikant
12 April 2008 - 20:26 #9
Logfile of HijackThis v1.99.1
Scan saved at 20:26:36, on 12-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\TerraTec\DMX 6fire\DMX6Fire.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\kim p\Skrivebord\skidt\alternativ.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.varmeskud.dk/foretrukne/1.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: DMX 6fire 2496 ControlPanel.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: RAID Manager.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmer\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
12 April 2008 - 20:46 #10
There is no more 'dirt' according to your log...

You are welcome back another time...

You should clean out temp with this file; it only takes a few seconds.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

After a round like this it is always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer, then enable System Restore. This is done in the same place where you disabled it; this time you just enable it.
It would also be a good idea to manually create a new restore point, which you can name and return to if you should run into problems of any kind.

You can find a couple of articles on safe surfing here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...

-------------

Registry cleanup can be recommended ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Especially the [Registry] item...)
During installation you will be offered [Yahoo Toolbar]. You can say yes or NO to it.

-------------

Remember a complete Windows Update -> http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=da
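
The System Restore advice in #10 follows from the SUPERAntiSpyware log in #6: several detections exist only as copies inside restore points (`_RESTORE{...}\RPnn`), so rolling back to one of those points would bring them back. The Python script below is an added example, not part of the original thread; it groups the log by threat name and reports the threats found only in restore points. The function names are hypothetical and the sample is a shortened excerpt of the log posted above.

```python
import re
from collections import defaultdict

# Shortened excerpt of the SUPERAntiSpyware log posted in #6.
SAMPLE_LOG = r"""
Trojan.Smitfraud Variant
    HKCR\CLSID\{65BBF06C-EA06-4818-92A3-F3550D0E1004}\InProcServer32
    C:\WINDOWS\SYSTEM32\RKVDR.DLL

Rogue.WinPCDoctor-Installer
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{18D1AB9C-7DF5-4BFB-AD30-E3874287B278}\RP38\A0005342.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{18D1AB9C-7DF5-4BFB-AD30-E3874287B278}\RP38\A0005595.EXE

Trojan.FakeAlert-Gen/Variant
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{18D1AB9C-7DF5-4BFB-AD30-E3874287B278}\RP39\A0005663.DLL
"""

REGISTRY = re.compile(r"^(HKLM|HKCR|HKCU|HKU)\\", re.I)
RESTORE = re.compile(r"\\SYSTEM VOLUME INFORMATION\\_RESTORE\{[0-9A-F-]+\}\\(RP\d+)\\", re.I)

def classify(item):
    """Return 'registry', 'restore:<RPnn>' or 'file' for one detection line."""
    if REGISTRY.match(item):
        return "registry"
    m = RESTORE.search(item)
    return f"restore:{m.group(1).upper()}" if m else "file"

def parse_detections(log_text):
    """Map each threat name (unindented line) to its indented items."""
    threats, current = defaultdict(list), None
    for line in log_text.splitlines():
        if line[:1].isspace() and line.strip() and current:
            threats[current].append(line.strip())
        else:
            current = line.strip() or None
    return dict(threats)

def restore_point_residue(log_text):
    """Threats whose every detected item sits inside a restore point."""
    residue = {}
    for name, items in parse_detections(log_text).items():
        kinds = [classify(i) for i in items]
        if all(k.startswith("restore:") for k in kinds):
            residue[name] = sorted({k.split(":")[1] for k in kinds})
    return residue

print(restore_point_residue(SAMPLE_LOG))
```
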
varmeskud Praktikant
12 April 2008 - 22:37 #11
Thank you very, very much.