pjatmail Master
12 April 2008 - 13:17 There are 34 comments and 3 solutions

Is there any dirt to be seen in this HijackThis file

My colleague's PC is apparently full of viruses; at any rate, not even in safe mode is it possible to scan with e.g. the "Superantispyware" program without everything shutting down after about 5000 scanned files.
I was given the attached HijackThis file to take with me - can anyone see how bad it is?

Logfile of HijackThis v1.99.1
Scan saved at 12:30:46, on 12-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
C:\Programmer\Network Associates\VirusScan\Mcshield.exe
C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SOINTGR.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE
C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe
C:\Programmer\Fælles filer\Network Associates\TalkBack\TBMon.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\4\SysRep.exe
C:\PROGRA~1\4\ucookw.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\NETGEAR\WG111v2\WG111v2.exe
C:\Programmer\Fælles filer\Logitech\khalshared\KHALMNPR.EXE
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\Virus hjælp\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rememberhomepage.com/?cm=906&lt=1&it=2008-03-17%2023%3A20%3A32&dt=2008-03-25%2019%3A24%3A22&q=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programmer\Fælles filer\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Programmer\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [4] C:\Programmer\4\SysRep.exe
O4 - HKLM\..\Run: [ucookw] "C:\PROGRA~1\4\ucookw.exe" -start
O4 - HKLM\..\Run: [dcbd95ba] rundll32.exe "C:\WINDOWS\system32\vbxladqg.dll",b
O4 - HKLM\..\Run: [BMdf8ea626] Rundll32.exe "C:\WINDOWS\system32\iwgkxomd.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Microsoft Update] C:\WINDOWS\system32\spool.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Hurtig start af Microsoft Office OneNote 2003.lnk = C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.safeiegate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.safeiegate.com/redirect.php (file missing)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157310116818
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{190243D5-FFA1-4EEF-A739-EE2D37BC90B5}: NameServer = 85.255.113.92,85.255.112.83
O17 - HKLM\System\CCS\Services\Tcpip\..\{57A93089-98C0-4399-9BAA-B359DAF14813}: NameServer = 85.255.113.92,85.255.112.83
O17 - HKLM\System\CCS\Services\Tcpip\..\{76329FCE-0202-47EE-BCC2-ED4A7F161427}: NameServer = 85.255.113.92,85.255.112.83
O17 - HKLM\System\CCS\Services\Tcpip\..\{917D29FE-1B6D-40B9-B64F-CA5435119611}: NameServer = 85.255.113.92,85.255.112.83
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5C6B28E-440F-4BA9-9483-6C982277B17A}: NameServer = 85.255.113.92,85.255.112.83
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{190243D5-FFA1-4EEF-A739-EE2D37BC90B5}: NameServer = 85.255.113.92,85.255.112.83
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.83
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
nva Trainee
12 April 2008 - 14:11 #1
Fix:

C:\PROGRA~1\4\ucookw.exe
O4 - HKLM\..\Run: [ucookw] "C:\PROGRA~1\4\ucookw.exe" -start
O4 - HKLM\..\Run: [dcbd95ba] rundll32.exe "C:\WINDOWS\system32\vbxladqg.dll",b
O4 - HKLM\..\Run: [BMdf8ea626] Rundll32.exe "C:\WINDOWS\system32\iwgkxomd.dll",s
O4 - HKCU\..\Run: [Microsoft Update] C:\WINDOWS\system32\spool.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.safeiegate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.safeiegate.com/redirect.php (file missing)

And then work through this guide http://www.eksperten.dk/artikler/1123
nva Trainee
12 April 2008 - 14:14 #2
By the way, you must also run this one as soon as possible ;) http://downloads.subratam.org/Fixwareout.exe
12 April 2008 - 14:17 #3
Because of ->
NameServer = 85.255.113.92,85.255.112.83

you MUST (also) run this ->

During this fix the computer will be restarted, so you should print out the guide in order to have it by your side during the whole fix. The fix needs access to the internet, so you must make sure that it is available.

1. Download FixWareout from one of these links:

http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

2. Save the file to your Desktop and double-click it. Click Next -> Install and check that there is a tick in "Run fixit" - then click Finish. The fix will now start, and you just have to follow the instructions. You will be asked to restart your computer - please do so. The restart will take a little longer than normal...

3. When your system restarts you must continue to follow the guidance given on the screen. When the fix is finished a log (report.txt) will open, which you should save and post in here in your next post.

--------------------------------------------------
If you get an error regarding a missing autoexec.nt
Try finding c:\windows\repair\autoexec.nt and copy it over into C:\windows\system32.
----------------------------------------------
12 April 2008 - 14:17 #4
(OK - we agreed on that *S*)
nva Trainee
12 April 2008 - 14:30 #5
karise_larry -> I guess I was sitting here half asleep ;)
pjatmail Master
12 April 2008 - 15:56 #6
Thanks for the replies.
Just one question before I contact my colleague.
When you write:    "Fix:"

how exactly do I do that?
nva Trainee
12 April 2008 - 16:03 #7
In HijackThis you tick the indicated lines and press 'Fix checked' - you must not have any other windows open meanwhile.
pjatmail Master
12 April 2008 - 16:12 #8
Of course - now I remember. I will only get back with answers/questions in about a week's time, as I don't have the PC at my side.
pjatmail Master
13 April 2008 - 11:46 #9
Here are only two log files. I never figured this out: Double-click Alternativ.exe, click "Do a system scan and save a logfile",

Combofix finished so quickly that I don't know whether this is the file you need:

Username "sanne" - 13-04-2008 10:07:44 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdxut.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.113.92 85.255.112.83" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{190243D5-FFA1-4EEF-A739-EE2D37BC90B5}
"nameserver"="85.255.113.92,85.255.112.83" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{57A93089-98C0-4399-9BAA-B359DAF14813}
"nameserver"="85.255.113.92,85.255.112.83" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{76329FCE-0202-47EE-BCC2-ED4A7F161427}
"nameserver"="85.255.113.92,85.255.112.83" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{917D29FE-1B6D-40B9-B64F-CA5435119611}
"nameserver"="85.255.113.92,85.255.112.83" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F5C6B28E-440F-4BA9-9483-6C982277B17A}
"nameserver"="85.255.113.92,85.255.112.83" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{3ADEC526-BBAC-437F-B19B-AB5EC5D46FA7}
"DhcpNameServer"="85.255.113.92,85.255.112.83" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{57A93089-98C0-4399-9BAA-B359DAF14813}
"DhcpNameServer"="85.255.113.92,85.255.112.83" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{76329FCE-0202-47EE-BCC2-ED4A7F161427}
"DhcpNameServer"="85.255.113.92,85.255.112.83" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{917D29FE-1B6D-40B9-B64F-CA5435119611}
"DhcpNameServer"="85.255.113.92,85.255.112.83" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F5C6B28E-440F-4BA9-9483-6C982277B17A}
"DhcpNameServer"="85.255.113.92,85.255.112.83" <Value cleared.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\Temp\kdxut.ren 82432 13-06-2007

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"nwiz"="nwiz.exe /install"
"NeroCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"SO5 Integrator Pass Two"="C:\\WINDOWS\\SOINTGR.EXE"
"LVCOMSX"="C:\\WINDOWS\\System32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Programmer\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Programmer\\Logitech\\Video\\LogiTray.exe"
"ShStatEXE"="\"C:\\Programmer\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Programmer\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"Network Associates Error Reporting Service"="\"C:\\Programmer\\Fælles filer\\Network Associates\\TalkBack\\TBMon.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"
"HP Component Manager"="\"C:\\Programmer\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="C:\\Programmer\\HP\\HP Software Update\\HPWuSchd2.exe"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"MMTray"="\"C:\\Programmer\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"SunJavaUpdateSched"="\"C:\\Programmer\\Java\\jre1.6.0_02\\bin\\jusched.exe\""
"4"="C:\\Programmer\\4\\SysRep.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Programmer\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Programmer\\Messenger\\msmsgs.exe\" /background"
"Steam"="\"c:\\programmer\\valve\\steam\\steam.exe\" -silent"
"LDM"="C:\\Programmer\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"swg"="C:\\Programmer\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"SUPERAntiSpyware"="C:\\Programmer\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~



Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 11:15:56, on 13-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
C:\Programmer\Network Associates\VirusScan\Mcshield.exe
C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SOINTGR.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE
C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe
C:\Programmer\Fælles filer\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\4\SysRep.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\NETGEAR\WG111v2\WG111v2.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Programmer\Fælles filer\Logitech\khalshared\KHALMNPR.EXE
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
F:\Virus hjælp\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rememberhomepage.com/?cm=906&lt=1&it=2008-03-17%2023%3A20%3A32&dt=2008-03-25%2019%3A24%3A22&q=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programmer\Fælles filer\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Programmer\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [4] C:\Programmer\4\SysRep.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Hurtig start af Microsoft Office OneNote 2003.lnk = C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157310116818
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
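One way to check, from two pasted HijackThis logs, that the lines on a "Fix:" list are really gone and that the static NameServer values have been cleared. This is an added example, not part of the original thread; the log excerpts are shortened from the logs posted above, and the function names are illustrative.

```python
import re

# A HijackThis entry line starts with a section code, e.g. "O4 - ..." or "R0 - ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
NAMESERVER_RE = re.compile(r"NameServer = (.+)$", re.IGNORECASE)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Shortened excerpt of the first log in the thread (12-04-2008).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [4] C:\Programmer\4\SysRep.exe
O4 - HKLM\..\Run: [ucookw] "C:\PROGRA~1\4\ucookw.exe" -start
O4 - HKLM\..\Run: [dcbd95ba] rundll32.exe "C:\WINDOWS\system32\vbxladqg.dll",b
O4 - HKCU\..\Run: [Microsoft Update] C:\WINDOWS\system32\spool.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{190243D5-FFA1-4EEF-A739-EE2D37BC90B5}: NameServer = 85.255.113.92,85.255.112.83
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.83
"""

# Shortened excerpt of the second log in the thread (13-04-2008, 11:15).
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [4] C:\Programmer\4\SysRep.exe
"""

# Part of the "Fix:" list from reply #1; the first line is a process path, not an entry.
FIX_LIST = [
    r"C:\PROGRA~1\4\ucookw.exe",
    r'O4 - HKLM\..\Run: [ucookw] "C:\PROGRA~1\4\ucookw.exe" -start',
    r'O4 - HKLM\..\Run: [dcbd95ba] rundll32.exe "C:\WINDOWS\system32\vbxladqg.dll",b',
    r"O4 - HKCU\..\Run: [Microsoft Update] C:\WINDOWS\system32\spool.exe",
]


def parse_entries(log_text):
    """Return the set of (section code, entry body) pairs found in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added): entries only in the earlier / only in the later log."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return sorted(before - after), sorted(after - before)


def static_nameservers(log_text):
    """Collect every IPv4 address set through an O17 NameServer entry."""
    addresses = set()
    for code, body in parse_entries(log_text):
        if code != "O17":
            continue
        match = NAMESERVER_RE.search(body)
        if match:
            # Values are comma- or space-separated depending on the registry key.
            addresses.update(IPV4_RE.findall(match.group(1)))
    return sorted(addresses)


def unfixed(fix_lines, after_text):
    """Return the fix-list entry lines that still appear in the later log."""
    after = parse_entries(after_text)
    remaining = []
    for line in fix_lines:
        match = ENTRY_RE.match(line.strip())
        if match and (match.group(1), match.group(2)) in after:
            remaining.append(line.strip())
    return remaining


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, body in removed:
        print("removed:", code, "-", body)
    for code, body in added:
        print("added:  ", code, "-", body)
    print("NameServer before:", static_nameservers(BEFORE))
    print("NameServer after: ", static_nameservers(AFTER))
    print("still present from fix list:", unfixed(FIX_LIST, AFTER))
```
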
pjatmail Master
13 April 2008 - 13:22 #10
Now I think I have succeeded with the 3 correct log files, here they are:
Logfile of HijackThis v1.99.1
Scan saved at 13:12, on 2008-04-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
C:\Programmer\Network Associates\VirusScan\Mcshield.exe
C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SOINTGR.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE
C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe
C:\Programmer\Fælles filer\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\NETGEAR\WG111v2\WG111v2.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Programmer\Fælles filer\Logitech\khalshared\KHALMNPR.EXE
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Documents and Settings\sanne\Skrivebord\Virus hjælpe filer og programmer\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rememberhomepage.com/?cm=906&lt=1&it=2008-03-17%2023%3A20%3A32&dt=2008-03-25%2019%3A24%3A22&q=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programmer\Fælles filer\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Programmer\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Hurtig start af Microsoft Office OneNote 2003.lnk = C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157310116818
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: byxwvut - byxwvut.dll (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

ComboFix 08-04-12.5 - sanne 2008-04-13 13:14:42.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.122 [GMT 2:00]
Running from: C:\Documents and Settings\sanne\Skrivebord\Virus hjælpe filer og programmer\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\BMdf8ea626.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awvvt.dll
C:\WINDOWS\system32\bekqbgku.ini
C:\WINDOWS\system32\bjovrcbl.dll
C:\WINDOWS\system32\bojrobgx.dll
C:\WINDOWS\system32\ddayx.dll
C:\WINDOWS\system32\fagjafcb.dll
C:\WINDOWS\system32\gebyy.dll
C:\WINDOWS\system32\gqdalxbv.ini
C:\WINDOWS\system32\iqxlxprx.dll
C:\WINDOWS\system32\irrtikjm.dll
C:\WINDOWS\system32\iwgkxomd.dll
C:\WINDOWS\system32\maqgqfsi.dll
C:\WINDOWS\system32\meeptmlt.dll
C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\oarmfuxg.dll
C:\WINDOWS\system32\otqvyooo.dll
C:\WINDOWS\system32\pknldisp.dll
C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\qswqvwkh.dll
C:\WINDOWS\system32\rdtggymb.dll
C:\WINDOWS\system32\srjeviss.dll
C:\WINDOWS\system32\tvvwa.ini
C:\WINDOWS\system32\tvvwa.ini2
C:\WINDOWS\system32\ukgbqkeb.dll
C:\WINDOWS\system32\ulwwujmj.dll
C:\WINDOWS\system32\vbxladqg.dll

.
(((((((((((((((((((((((((  Files Created from 2008-03-13 to 2008-04-13  )))))))))))))))))))))))))))))))
.

2008-04-13 10:15 . 2008-04-13 10:15    <DIR>    d--------    C:\Programmer\CCleaner
2008-04-13 10:07 . 2008-04-13 10:10    <DIR>    d--------    C:\fixwareout
2008-04-12 12:29 . 2008-04-12 12:29    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-04-12 12:29 . 2008-04-12 12:29    <DIR>    d--------    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-04-12 12:29 . 2008-04-12 12:29    <DIR>    d--------    C:\Documents and Settings\sanne\Application Data\SUPERAntiSpyware.com
2008-04-12 12:28 . 2008-04-12 12:28    <DIR>    d--------    C:\Documents and Settings\sanne\DoctorWeb
2008-04-09 19:18 . 2008-04-09 19:18    3,648    --a------    C:\WINDOWS\system32\bjanqaii.dll
2008-04-07 15:58 . 2008-04-09 18:11    1,555,471    ---hs----    C:\WINDOWS\system32\mvuqnnis.ini
2008-04-07 14:55 . 2008-04-07 14:55    2,123,122    ---hs----    C:\WINDOWS\system32\rnhfqvwu.ini
2008-04-02 17:31 . 2008-04-07 14:50    1,592,281    ---hs----    C:\WINDOWS\system32\xxkmjwxo.ini
2008-03-31 21:23 . 2008-04-02 17:24    1,597,654    ---hs----    C:\WINDOWS\system32\dgnxiwmv.ini
2008-03-30 21:22 . 2008-03-31 21:23    1,597,474    ---hs----    C:\WINDOWS\system32\wofopohj.ini
2008-03-30 20:52 . 2008-03-30 20:52    <DIR>    d--------    C:\Documents and Settings\sanne\Application Data\4
2008-03-30 20:47 . 2008-03-30 20:47    <DIR>    dr-------    C:\Documents and Settings\All Users\Application Data\4
2008-03-30 20:46 . 2008-04-13 13:07    <DIR>    d--------    C:\Programmer\4
2008-03-30 17:31 . 2008-03-30 17:31    261,664    --a------    C:\Documents and Settings\sanne\Application Data\setup_dk[1].exe
2008-03-28 18:18 . 2008-03-29 21:21    1,584,057    ---hs----    C:\WINDOWS\system32\cuvkxqad.ini
2008-03-27 17:08 . 2008-03-28 18:17    1,584,079    ---hs----    C:\WINDOWS\system32\jpstsfvt.ini
2008-03-18 18:27 . 2008-04-13 13:14    <DIR>    d--------    C:\quarantine
2008-03-18 16:42 . 2008-03-18 16:42    <DIR>    d--------    C:\Program Files
2008-03-18 00:21 . 2008-03-25 20:42    <DIR>    d-a------    C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-16 21:06 . 2008-04-09 21:56    <DIR>    d--------    C:\Documents and Settings\sanne\Application Data\LimeWire
2008-03-16 00:36 . 2008-03-16 00:36    21,035    --a------    C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-16 00:35 . 2008-03-16 00:35    <DIR>    d--------    C:\Programmer\NETGEAR
2008-03-16 00:35 . 2008-03-16 00:35    <DIR>    d--------    C:\Documents and Settings\sanne\Application Data\InstallShield
2008-03-16 00:35 . 2007-04-26 16:00    1,069,056    --a------    C:\WINDOWS\system32\libeay32.dll
2008-03-16 00:35 . 2005-07-19 14:53    966,765    --a------    C:\WINDOWS\system32\acAuth.dll
2008-03-16 00:35 . 2007-05-16 17:23    356,352    --a------    C:\WINDOWS\system32\SCMLib.dll
2008-03-16 00:35 . 2007-05-16 15:17    262,144    --a------    C:\WINDOWS\system32\WG1v2lib.dll
2008-03-16 00:35 . 2007-02-06 23:22    194,304    --a------    C:\WINDOWS\system32\drivers\wg111v2.sys
2008-03-16 00:35 . 2005-01-25 00:30    143,360    --a------    C:\WINDOWS\system32\IpLib.dll
2008-03-16 00:35 . 2006-07-27 00:26    36,864    --a------    C:\WINDOWS\system32\RtlGina2.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 19:49    ---------    d-----w    C:\Programmer\Diablo II
2008-04-09 16:15    43,520    ----a-w    C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-16 19:23    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-03-12 18:05    ---------    d-----w    C:\Documents and Settings\sanne\Application Data\MSN6
2008-03-12 18:05    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\MSN6
.

(((((((((((((((((((((((((((((  snapshot@2008-04-13_11.31.20.98  )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-13 09:26:00    12,360    ----a-w    C:\WINDOWS\system32\tablet.dat
+ 2008-04-13 11:09:09    12,360    ----a-w    C:\WINDOWS\system32\tablet.dat
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6860A44B-5D3E-433D-A7B5-D517F810D0E7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53 15360]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Steam"="c:\programmer\valve\steam\steam.exe" [2008-03-28 18:18 1271032]
"LDM"="C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-19 19:30 67128]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-09 21:33 68856]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2006-04-06 11:35 1228800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-06-18 18:44 46592 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2002-07-30 15:50 372736 C:\WINDOWS\system32\nwiz.exe]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SO5 Integrator Pass Two"="C:\WINDOWS\SOINTGR.EXE" [2000-05-08 05:20 20480]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-01-19 11:05 221184]
"LogitechVideoRepair"="C:\Programmer\Logitech\Video\ISStart.exe" [2005-01-19 11:45 458752]
"LogitechVideoTray"="C:\Programmer\Logitech\Video\LogiTray.exe" [2005-01-19 11:39 217088]
"ShStatEXE"="C:\Programmer\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00 94208]
"McAfeeUpdaterUI"="C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
"Network Associates Error Reporting Service"="C:\Programmer\Fælles filer\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 12:56 188416]
"HP Component Manager"="C:\Programmer\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"MMTray"="C:\Programmer\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-07-19 11:05 135168]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-27 02:53 15360]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2004-03-15 19:08:06 241664]
HP Image Zone Hurtig start.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe [2004-03-15 19:45:34 53248]
Hurtig start af Microsoft Office OneNote 2003.lnk - C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 14:06:14 59080]
Logitech Desktop Messenger.lnk - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-19 19:30:48 67128]
Logitech SetPoint.lnk - C:\Programmer\Logitech\SetPoint\SetPoint.exe [2007-01-28 15:54:57 688128]
NETGEAR WG111v2 Smart Wizard.lnk - C:\Programmer\NETGEAR\WG111v2\WG111v2.exe [2008-03-16 00:35:57 1261568]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-02-04 21:26:27 106496]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-02-16 17:51 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxwvut]
byxwvut.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2006-03-08 12:32 258048 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\NovaLogic\\Delta Force Black Hawk Down\\dfbhd.exe"=
"C:\\Programmer\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"=
"C:\\Programmer\\EA Games\\Command & Conquer Generals Zero Hour\\patchget.dat"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\hviidratleff\\counter-strike\\hl.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\hviidratleff\\condition zero\\hl.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\hviidratleff\\counter-strike source\\hl2.exe"=
"C:\\Programmer\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmer\\MSN Messenger\\livecall.exe"=
"C:\\Programmer\\Valve\\Steam\\steam.exe"=

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2007-02-06 23:22]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 15:58]

*Newly Created Service* - ENTDRV51
.
Contents of the 'Scheduled Tasks' folder
"2008-04-13 09:34:01 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
- C:\Programmer\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 13:17:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\RtlGina2.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\TRAYHOOK.dll
.
Completion time: 2008-04-13 13:18:27
ComboFix-quarantined-files.txt  2008-04-13 11:18:14
Pre-Run: 87,385,780,224 byte ledig
Post-Run: 87,375,093,760 byte ledig
.
2008-03-20 12:47:56    --- E O F --- 


SUPERAntiSpyware Scan Log
Generated 04/13/2008 at 12:58 PM

Core Rules Database Version : 2847
Trace Rules Database Version: 1028

Memory threats detected  : 0
Registry threats detected : 0
File threats detected    : 0
nva Praktikant
13 April 2008 - 13:30 #11
The log looks clean apart from a little cleanup:

Fix

O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - (no file)

O20 - Winlogon Notify: byxwvut - byxwvut.dll (file missing)

Are you still having problems?
nva Praktikant
13 April 2008 - 13:32 #12
These 2 can also be fixed:

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
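
Added example, not part of the thread and not code from HijackThis: Python that parses HijackThis entry lines and picks out the ones marked `(no file)` or `(file missing)`, the kind of leftover registration that replies #11 and #12 single out. The sample lines are copied from the log posted above; the names `parse_log`, `orphaned` and `group_orphans` are this example's own.

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: byxwvut - byxwvut.dll (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
"""

# An entry line is a section code (R0, O2, O20, ...), " - ", then free text.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Trailing marker HijackThis prints when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?P<reason>no file|file missing)\)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass(frozen=True)
class Entry:
    section: str                  # e.g. "O2", "O9", "O20"
    body: str                     # everything after "<section> - "
    clsid: Optional[str]          # first {GUID} in the body, if any
    orphan_reason: Optional[str]  # "no file" / "file missing", else None


def parse_log(text: str) -> list[Entry]:
    """Return the entry lines of a log; headers and process paths are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        orphan = ORPHAN_RE.search(body)
        entries.append(Entry(
            section=m.group("section"),
            body=body,
            clsid=clsid.group(0) if clsid else None,
            orphan_reason=orphan.group("reason") if orphan else None,
        ))
    return entries


def orphaned(entries: list[Entry]) -> list[Entry]:
    """Entries whose target file HijackThis reported as absent."""
    return [e for e in entries if e.orphan_reason]


def group_orphans(entries: list[Entry]) -> dict[str, list[Entry]]:
    """Group orphaned entries that share a CLSID, so lines that point at the
    same identifier (here the two O9 lines) are reviewed together."""
    groups: dict[str, list[Entry]] = defaultdict(list)
    for e in orphaned(entries):
        key = e.clsid.upper() if e.clsid else ORPHAN_RE.sub("", e.body).strip()
        groups[key].append(e)
    return dict(groups)


if __name__ == "__main__":
    for key, members in group_orphans(parse_log(SAMPLE_LOG)).items():
        sections = ", ".join(m.section for m in members)
        print(f"{key}  [{sections}]  ({members[0].orphan_reason})")
```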
pjatmail Mester
13 April 2008 - 14:59 #13
It seems to work, but 3 things keep popping up. The first is this message after restart/startup: an oblong grey window with text saying something along the lines of: CoreDll was not found, reinstall the program if necessary.
The second is an "ordinary" MS message about sending or not sending an error report. This text is at the top of the message: QuickCam Database has encountered an error and will close; we apologize for the error.
The last "funny" thing is that I have two PCs standing side by side. Both are connected to the same internet connection and both are idle, but the one you have now helped clean finds viruses now and then, via McAfee; my own with AVG does not (but then it is not infected either).
pjatmail Mester
13 April 2008 - 15:19 #14
Now the internet is actually gone on the previously infected machine!!!!!!
nva Praktikant
13 April 2008 - 16:51 #15
If you can't get on the internet, try this one and see if it helps: http://www.cexx.org/LSPFix.exe
nva Praktikant
13 April 2008 - 17:05 #16
Coredll is a file belonging to MusicMatch, it seems. Are you able to reinstall the 2 programs - QuickCam and MusicMatch - that there apparently are problems with?
pjatmail Mester
13 April 2008 - 17:08 #17
I have just put it in safe mode and am running a virus on-demand scan with McAfee. So far it has found 30 files. Most are detected as Puper.gen.e
Common to all of them is that they are in the folder: c:/systemVolumenInformation/_restore etc. etc.
I will wait until it has finished before trying your new link.
pjatmail Mester
13 April 2008 - 17:14 #18
I can uninstall them both - they aren't programs that the operating system needs or anything like that, are they?
pjatmail Mester
13 April 2008 - 17:18 #19
Now I have tried looking for them in "Add/Remove" but can't find them, so uninstalling them is probably not possible.
nva Praktikant
13 April 2008 - 18:02 #20
Those are System Restore files - you can just stop System Restore and start it again - then they are gone.
nva Praktikant
13 April 2008 - 18:03 #21
No, the 2 programs are ones that were installed later - they have nothing to do with Windows.
pjatmail Mester
13 April 2008 - 18:23 #22
Now I have found and deleted the folders with the names given, I have run LSPFix and there was nothing to remove on the right-hand side. I have removed and re-added System Restore and have now restarted the PC - and now this came up again: QuickCam Album Database has encountered an error and will close ......... followed by this: Logitech QuickCam Startup Application has encountered an error and will close.
I chose to run CCleaner, fixware, HijackThis and Combo again - when I got to the Combo program, McAfee popped up with a detected virus called Av-test.exe (it did that last time too)!
I am attaching the logs I have scraped together - but honestly, shouldn't I create a new question so you can get a few more points for all that work?

Logfile of HijackThis v1.99.1
Scan saved at 18:16:18, on 13-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
C:\Programmer\Network Associates\VirusScan\Mcshield.exe
C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SOINTGR.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE
C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe
C:\Programmer\Fælles filer\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\NETGEAR\WG111v2\WG111v2.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Documents and Settings\sanne\Skrivebord\Virus hjælpe filer og programmer\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rememberhomepage.com/?cm=906&lt=1&it=2008-03-17%2023%3A20%3A32&dt=2008-03-25%2019%3A24%3A22&q=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programmer\Fælles filer\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Hurtig start af Microsoft Office OneNote 2003.lnk = C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157310116818
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{190243D5-FFA1-4EEF-A739-EE2D37BC90B5}: NameServer = 85.255.113.92,85.255.112.83
O17 - HKLM\System\CCS\Services\Tcpip\..\{57A93089-98C0-4399-9BAA-B359DAF14813}: NameServer = 85.255.113.92,85.255.112.83
O17 - HKLM\System\CCS\Services\Tcpip\..\{76329FCE-0202-47EE-BCC2-ED4A7F161427}: NameServer = 85.255.113.92,85.255.112.83
O17 - HKLM\System\CCS\Services\Tcpip\..\{917D29FE-1B6D-40B9-B64F-CA5435119611}: NameServer = 85.255.113.92,85.255.112.83
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5C6B28E-440F-4BA9-9483-6C982277B17A}: NameServer = 85.255.113.92,85.255.112.83
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{190243D5-FFA1-4EEF-A739-EE2D37BC90B5}: NameServer = 85.255.113.92,85.255.112.83
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.83
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe



ComboFix 08-04-12.5 - sanne 2008-04-13 18:17:35.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.170 [GMT 2:00]
Running from: C:\Documents and Settings\sanne\Skrivebord\Virus hjælpe filer og programmer\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((  Files Created from 2008-03-13 to 2008-04-13  )))))))))))))))))))))))))))))))
.

2008-04-13 10:15 . 2008-04-13 10:15    <DIR>    d--------    C:\Programmer\CCleaner
2008-04-13 10:07 . 2008-04-13 18:00    <DIR>    d--------    C:\fixwareout
2008-04-12 12:29 . 2008-04-12 12:29    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-04-12 12:29 . 2008-04-12 12:29    <DIR>    d--------    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-04-12 12:29 . 2008-04-12 12:29    <DIR>    d--------    C:\Documents and Settings\sanne\Application Data\SUPERAntiSpyware.com
2008-04-12 12:28 . 2008-04-12 12:28    <DIR>    d--------    C:\Documents and Settings\sanne\DoctorWeb
2008-04-09 19:18 . 2008-04-09 19:18    3,648    --a------    C:\WINDOWS\system32\bjanqaii.dll
2008-04-07 15:58 . 2008-04-09 18:11    1,555,471    ---hs----    C:\WINDOWS\system32\mvuqnnis.ini
2008-04-07 14:55 . 2008-04-07 14:55    2,123,122    ---hs----    C:\WINDOWS\system32\rnhfqvwu.ini
2008-04-02 17:31 . 2008-04-07 14:50    1,592,281    ---hs----    C:\WINDOWS\system32\xxkmjwxo.ini
2008-03-31 21:23 . 2008-04-02 17:24    1,597,654    ---hs----    C:\WINDOWS\system32\dgnxiwmv.ini
2008-03-30 21:22 . 2008-03-31 21:23    1,597,474    ---hs----    C:\WINDOWS\system32\wofopohj.ini
2008-03-30 20:52 . 2008-03-30 20:52    <DIR>    d--------    C:\Documents and Settings\sanne\Application Data\4
2008-03-30 20:47 . 2008-03-30 20:47    <DIR>    dr-------    C:\Documents and Settings\All Users\Application Data\4
2008-03-30 20:46 . 2008-04-13 13:07    <DIR>    d--------    C:\Programmer\4
2008-03-30 17:31 . 2008-03-30 17:31    261,664    --a------    C:\Documents and Settings\sanne\Application Data\setup_dk[1].exe
2008-03-28 18:18 . 2008-03-29 21:21    1,584,057    ---hs----    C:\WINDOWS\system32\cuvkxqad.ini
2008-03-27 17:08 . 2008-03-28 18:17    1,584,079    ---hs----    C:\WINDOWS\system32\jpstsfvt.ini
2008-03-18 18:27 . 2008-04-13 18:17    <DIR>    d--------    C:\quarantine
2008-03-18 16:42 . 2008-03-18 16:42    <DIR>    d--------    C:\Program Files
2008-03-18 00:21 . 2008-03-25 20:42    <DIR>    d-a------    C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-16 21:06 . 2008-04-09 21:56    <DIR>    d--------    C:\Documents and Settings\sanne\Application Data\LimeWire
2008-03-16 00:36 . 2008-03-16 00:36    21,035    --a------    C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-16 00:35 . 2008-03-16 00:35    <DIR>    d--------    C:\Programmer\NETGEAR
2008-03-16 00:35 . 2008-03-16 00:35    <DIR>    d--------    C:\Documents and Settings\sanne\Application Data\InstallShield
2008-03-16 00:35 . 2007-04-26 16:00    1,069,056    --a------    C:\WINDOWS\system32\libeay32.dll
2008-03-16 00:35 . 2005-07-19 14:53    966,765    --a------    C:\WINDOWS\system32\acAuth.dll
2008-03-16 00:35 . 2007-05-16 17:23    356,352    --a------    C:\WINDOWS\system32\SCMLib.dll
2008-03-16 00:35 . 2007-05-16 15:17    262,144    --a------    C:\WINDOWS\system32\WG1v2lib.dll
2008-03-16 00:35 . 2007-02-06 23:22    194,304    --a------    C:\WINDOWS\system32\drivers\wg111v2.sys
2008-03-16 00:35 . 2005-01-25 00:30    143,360    --a------    C:\WINDOWS\system32\IpLib.dll
2008-03-16 00:35 . 2006-07-27 00:26    36,864    --a------    C:\WINDOWS\system32\RtlGina2.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 15:49    ---------    d-----w    C:\Programmer\Logitech
2008-04-13 15:45    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-04-09 19:49    ---------    d-----w    C:\Programmer\Diablo II
2008-04-09 16:15    43,520    ----a-w    C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-12 18:05    ---------    d-----w    C:\Documents and Settings\sanne\Application Data\MSN6
2008-03-12 18:05    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\MSN6
.

(((((((((((((((((((((((((((((  snapshot@2008-04-13_11.31.20.98  )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-13 09:26:00    12,360    ----a-w    C:\WINDOWS\system32\tablet.dat
+ 2008-04-13 16:10:50    12,360    ----a-w    C:\WINDOWS\system32\tablet.dat
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53 15360]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Steam"="c:\programmer\valve\steam\steam.exe" [2008-03-28 18:18 1271032]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-09 21:33 68856]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2006-04-06 11:35 1228800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-06-18 18:44 46592 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2002-07-30 15:50 372736 C:\WINDOWS\system32\nwiz.exe]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SO5 Integrator Pass Two"="C:\WINDOWS\SOINTGR.EXE" [2000-05-08 05:20 20480]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-01-19 11:05 221184]
"LogitechVideoRepair"="C:\Programmer\Logitech\Video\ISStart.exe" [2005-01-19 11:45 458752]
"LogitechVideoTray"="C:\Programmer\Logitech\Video\LogiTray.exe" [2005-01-19 11:39 217088]
"ShStatEXE"="C:\Programmer\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00 94208]
"McAfeeUpdaterUI"="C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
"Network Associates Error Reporting Service"="C:\Programmer\Fælles filer\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 12:56 188416]
"HP Component Manager"="C:\Programmer\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" []
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-27 02:53 15360]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2004-03-15 19:08:06 241664]
HP Image Zone Hurtig start.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe [2004-03-15 19:45:34 53248]
Hurtig start af Microsoft Office OneNote 2003.lnk - C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 14:06:14 59080]
NETGEAR WG111v2 Smart Wizard.lnk - C:\Programmer\NETGEAR\WG111v2\WG111v2.exe [2008-03-16 00:35:57 1261568]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-02-04 21:26:27 106496]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-02-16 17:51 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2006-03-08 12:32 258048 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\NovaLogic\\Delta Force Black Hawk Down\\dfbhd.exe"=
"C:\\Programmer\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"=
"C:\\Programmer\\EA Games\\Command & Conquer Generals Zero Hour\\patchget.dat"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\hviidratleff\\counter-strike\\hl.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\hviidratleff\\condition zero\\hl.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\hviidratleff\\counter-strike source\\hl2.exe"=
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmer\\MSN Messenger\\livecall.exe"=
"C:\\Programmer\\Valve\\Steam\\steam.exe"=

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2007-02-06 23:22]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 15:58]

*Newly Created Service* - ENTDRV51
.
Contents of the 'Scheduled Tasks' folder
"2008-04-13 13:34:00 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
- C:\Programmer\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 18:20:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\RtlGina2.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\TRAYHOOK.dll
.
Completion time: 2008-04-13 18:21:09
ComboFix-quarantined-files.txt  2008-04-13 16:20:56
ComboFix2.txt  2008-04-13 11:18:28
Pre-Run: 88,597,159,936 byte ledig
Post-Run: 88,586,153,984 byte ledig
.
2008-03-20 12:47:56    --- E O F --- 


Username "sanne" - 13-04-2008 17:56:21 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"SoundMan"="SOUNDMAN.EXE"
"nwiz"="nwiz.exe /install"
"NeroCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"SO5 Integrator Pass Two"="C:\\WINDOWS\\SOINTGR.EXE"
"LVCOMSX"="C:\\WINDOWS\\System32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Programmer\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Programmer\\Logitech\\Video\\LogiTray.exe"
"ShStatEXE"="\"C:\\Programmer\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Programmer\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"Network Associates Error Reporting Service"="\"C:\\Programmer\\Fælles filer\\Network Associates\\TalkBack\\TBMon.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"
"HP Component Manager"="\"C:\\Programmer\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="C:\\Programmer\\HP\\HP Software Update\\HPWuSchd2.exe"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"SunJavaUpdateSched"="\"C:\\Programmer\\Java\\jre1.6.0_02\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Programmer\\Messenger\\msmsgs.exe\" /background"
"Steam"="\"c:\\programmer\\valve\\steam\\steam.exe\" -silent"
"swg"="C:\\Programmer\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"SUPERAntiSpyware"="C:\\Programmer\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
nva Praktikant
13 April 2008 - 19:14 #23
The old lines with Nameserver have turned up again - you need to run this http://downloads.subratam.org/Fixwareout.exe just like last time. If needed, see the guide karise_larry wrote further up.
pjatmail Mester
13 April 2008 - 19:33 #24
Here is the log.

Username "sanne" - 13-04-2008 19:26:47 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.113.92 85.255.112.83" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{190243D5-FFA1-4EEF-A739-EE2D37BC90B5}
"nameserver"="85.255.113.92,85.255.112.83" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{57A93089-98C0-4399-9BAA-B359DAF14813}
"nameserver"="85.255.113.92,85.255.112.83" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{76329FCE-0202-47EE-BCC2-ED4A7F161427}
"nameserver"="85.255.113.92,85.255.112.83" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{917D29FE-1B6D-40B9-B64F-CA5435119611}
"nameserver"="85.255.113.92,85.255.112.83" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F5C6B28E-440F-4BA9-9483-6C982277B17A}
"nameserver"="85.255.113.92,85.255.112.83" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{3ADEC526-BBAC-437F-B19B-AB5EC5D46FA7}
"DhcpNameServer"="85.255.113.92,85.255.112.83" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{57A93089-98C0-4399-9BAA-B359DAF14813}
"DhcpNameServer"="85.255.113.92,85.255.112.83" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{76329FCE-0202-47EE-BCC2-ED4A7F161427}
"DhcpNameServer"="85.255.113.92,85.255.112.83" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{917D29FE-1B6D-40B9-B64F-CA5435119611}
"DhcpNameServer"="85.255.113.92,85.255.112.83" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F5C6B28E-440F-4BA9-9483-6C982277B17A}
"DhcpNameServer"="85.255.113.92,85.255.112.83" <Value cleared.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"SoundMan"="SOUNDMAN.EXE"
"nwiz"="nwiz.exe /install"
"NeroCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"SO5 Integrator Pass Two"="C:\\WINDOWS\\SOINTGR.EXE"
"LVCOMSX"="C:\\WINDOWS\\System32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Programmer\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Programmer\\Logitech\\Video\\LogiTray.exe"
"ShStatEXE"="\"C:\\Programmer\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Programmer\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"Network Associates Error Reporting Service"="\"C:\\Programmer\\Fælles filer\\Network Associates\\TalkBack\\TBMon.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"
"HP Component Manager"="\"C:\\Programmer\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="C:\\Programmer\\HP\\HP Software Update\\HPWuSchd2.exe"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"SunJavaUpdateSched"="\"C:\\Programmer\\Java\\jre1.6.0_02\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Programmer\\Messenger\\msmsgs.exe\" /background"
"Steam"="\"c:\\programmer\\valve\\steam\\steam.exe\" -silent"
"swg"="C:\\Programmer\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"SUPERAntiSpyware"="C:\\Programmer\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
nva Praktikant
13 April 2008 - 20:04 #25
HiJackThis can then show whether they are gone or not.

I may not be on any more this evening, so if others have the time and inclination to help, they are welcome as far as I'm concerned.
pjatmail Mester
13 April 2008 - 20:05 #26
And here are the 3 other log files in case they are needed

ComboFix 08-04-12.5 - sanne 2008-04-13 19:56:42.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.186 [GMT 2:00]
Running from: C:\Documents and Settings\sanne\Skrivebord\Virus hjælpe filer og programmer\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((  Files Created from 2008-03-13 to 2008-04-13  )))))))))))))))))))))))))))))))
.

2008-04-13 10:15 . 2008-04-13 10:15    <DIR>    d--------    C:\Programmer\CCleaner
2008-04-13 10:07 . 2008-04-13 19:29    <DIR>    d--------    C:\fixwareout
2008-04-12 12:29 . 2008-04-12 12:29    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-04-12 12:29 . 2008-04-12 12:29    <DIR>    d--------    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-04-12 12:29 . 2008-04-12 12:29    <DIR>    d--------    C:\Documents and Settings\sanne\Application Data\SUPERAntiSpyware.com
2008-04-12 12:28 . 2008-04-12 12:28    <DIR>    d--------    C:\Documents and Settings\sanne\DoctorWeb
2008-04-09 19:18 . 2008-04-09 19:18    3,648    --a------    C:\WINDOWS\system32\bjanqaii.dll
2008-04-07 15:58 . 2008-04-09 18:11    1,555,471    ---hs----    C:\WINDOWS\system32\mvuqnnis.ini
2008-04-07 14:55 . 2008-04-07 14:55    2,123,122    ---hs----    C:\WINDOWS\system32\rnhfqvwu.ini
2008-04-02 17:31 . 2008-04-07 14:50    1,592,281    ---hs----    C:\WINDOWS\system32\xxkmjwxo.ini
2008-03-31 21:23 . 2008-04-02 17:24    1,597,654    ---hs----    C:\WINDOWS\system32\dgnxiwmv.ini
2008-03-30 21:22 . 2008-03-31 21:23    1,597,474    ---hs----    C:\WINDOWS\system32\wofopohj.ini
2008-03-30 20:52 . 2008-03-30 20:52    <DIR>    d--------    C:\Documents and Settings\sanne\Application Data\4
2008-03-30 20:47 . 2008-03-30 20:47    <DIR>    dr-------    C:\Documents and Settings\All Users\Application Data\4
2008-03-30 20:46 . 2008-04-13 13:07    <DIR>    d--------    C:\Programmer\4
2008-03-30 17:31 . 2008-03-30 17:31    261,664    --a------    C:\Documents and Settings\sanne\Application Data\setup_dk[1].exe
2008-03-28 18:18 . 2008-03-29 21:21    1,584,057    ---hs----    C:\WINDOWS\system32\cuvkxqad.ini
2008-03-27 17:08 . 2008-03-28 18:17    1,584,079    ---hs----    C:\WINDOWS\system32\jpstsfvt.ini
2008-03-18 18:27 . 2008-04-13 19:16    <DIR>    d--------    C:\quarantine
2008-03-18 16:42 . 2008-03-18 16:42    <DIR>    d--------    C:\Program Files
2008-03-18 00:21 . 2008-03-25 20:42    <DIR>    d-a------    C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-16 21:06 . 2008-04-09 21:56    <DIR>    d--------    C:\Documents and Settings\sanne\Application Data\LimeWire
2008-03-16 00:36 . 2008-03-16 00:36    21,035    --a------    C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-16 00:35 . 2008-03-16 00:35    <DIR>    d--------    C:\Programmer\NETGEAR
2008-03-16 00:35 . 2008-03-16 00:35    <DIR>    d--------    C:\Documents and Settings\sanne\Application Data\InstallShield
2008-03-16 00:35 . 2007-04-26 16:00    1,069,056    --a------    C:\WINDOWS\system32\libeay32.dll
2008-03-16 00:35 . 2005-07-19 14:53    966,765    --a------    C:\WINDOWS\system32\acAuth.dll
2008-03-16 00:35 . 2007-05-16 17:23    356,352    --a------    C:\WINDOWS\system32\SCMLib.dll
2008-03-16 00:35 . 2007-05-16 15:17    262,144    --a------    C:\WINDOWS\system32\WG1v2lib.dll
2008-03-16 00:35 . 2007-02-06 23:22    194,304    --a------    C:\WINDOWS\system32\drivers\wg111v2.sys
2008-03-16 00:35 . 2005-01-25 00:30    143,360    --a------    C:\WINDOWS\system32\IpLib.dll
2008-03-16 00:35 . 2006-07-27 00:26    36,864    --a------    C:\WINDOWS\system32\RtlGina2.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 15:49    ---------    d-----w    C:\Programmer\Logitech
2008-04-13 15:45    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-04-09 19:49    ---------    d-----w    C:\Programmer\Diablo II
2008-04-09 16:15    43,520    ----a-w    C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-12 18:05    ---------    d-----w    C:\Documents and Settings\sanne\Application Data\MSN6
2008-03-12 18:05    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\MSN6
.

(((((((((((((((((((((((((((((  snapshot@2008-04-13_11.31.20.98  )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-13 09:26:00    12,360    ----a-w    C:\WINDOWS\system32\tablet.dat
+ 2008-04-13 17:28:22    12,360    ----a-w    C:\WINDOWS\system32\tablet.dat
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53 15360]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Steam"="c:\programmer\valve\steam\steam.exe" [2008-03-28 18:18 1271032]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-09 21:33 68856]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2006-04-06 11:35 1228800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-06-18 18:44 46592 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2002-07-30 15:50 372736 C:\WINDOWS\system32\nwiz.exe]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SO5 Integrator Pass Two"="C:\WINDOWS\SOINTGR.EXE" [2000-05-08 05:20 20480]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-01-19 11:05 221184]
"LogitechVideoRepair"="C:\Programmer\Logitech\Video\ISStart.exe" [2005-01-19 11:45 458752]
"LogitechVideoTray"="C:\Programmer\Logitech\Video\LogiTray.exe" [2005-01-19 11:39 217088]
"ShStatEXE"="C:\Programmer\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00 94208]
"McAfeeUpdaterUI"="C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
"Network Associates Error Reporting Service"="C:\Programmer\Fælles filer\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 12:56 188416]
"HP Component Manager"="C:\Programmer\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" []
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-27 02:53 15360]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2004-03-15 19:08:06 241664]
HP Image Zone Hurtig start.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe [2004-03-15 19:45:34 53248]
Hurtig start af Microsoft Office OneNote 2003.lnk - C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 14:06:14 59080]
NETGEAR WG111v2 Smart Wizard.lnk - C:\Programmer\NETGEAR\WG111v2\WG111v2.exe [2008-03-16 00:35:57 1261568]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-02-04 21:26:27 106496]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-02-16 17:51 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2006-03-08 12:32 258048 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\NovaLogic\\Delta Force Black Hawk Down\\dfbhd.exe"=
"C:\\Programmer\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"=
"C:\\Programmer\\EA Games\\Command & Conquer Generals Zero Hour\\patchget.dat"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\hviidratleff\\counter-strike\\hl.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\hviidratleff\\condition zero\\hl.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\hviidratleff\\counter-strike source\\hl2.exe"=
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmer\\MSN Messenger\\livecall.exe"=
"C:\\Programmer\\Valve\\Steam\\steam.exe"=

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2007-02-06 23:22]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 15:58]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-13 17:34:00 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
- C:\Programmer\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 19:59:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\RtlGina2.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\TRAYHOOK.dll
.
Completion time: 2008-04-13 19:59:40
ComboFix-quarantined-files.txt  2008-04-13 17:59:29
ComboFix2.txt  2008-04-13 16:21:09
ComboFix3.txt  2008-04-13 11:18:28
Pre-Run: 88,595,640,320 byte ledig
Post-Run: 88,584,921,088 byte ledig
.
2008-03-20 12:47:56    --- E O F --- 


Logfile of HijackThis v1.99.1
Scan saved at 19:37:01, on 13-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
C:\Programmer\Network Associates\VirusScan\Mcshield.exe
C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SOINTGR.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE
C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe
C:\Programmer\Fælles filer\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\NETGEAR\WG111v2\WG111v2.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\sanne\Skrivebord\Virus hjælpe filer og programmer\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programmer\Fælles filer\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Hurtig start af Microsoft Office OneNote 2003.lnk = C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157310116818
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{190243D5-FFA1-4EEF-A739-EE2D37BC90B5}: NameServer = 85.255.113.92,85.255.112.83
O17 - HKLM\System\CCS\Services\Tcpip\..\{57A93089-98C0-4399-9BAA-B359DAF14813}: NameServer = 85.255.113.92,85.255.112.83
O17 - HKLM\System\CCS\Services\Tcpip\..\{76329FCE-0202-47EE-BCC2-ED4A7F161427}: NameServer = 85.255.113.92,85.255.112.83
O17 - HKLM\System\CCS\Services\Tcpip\..\{917D29FE-1B6D-40B9-B64F-CA5435119611}: NameServer = 85.255.113.92,85.255.112.83
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5C6B28E-440F-4BA9-9483-6C982277B17A}: NameServer = 85.255.113.92,85.255.112.83
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{190243D5-FFA1-4EEF-A739-EE2D37BC90B5}: NameServer = 85.255.113.92,85.255.112.83
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.83
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe


SUPERAntiSpyware Scan Log
Generated 04/13/2008 at 07:51 PM

Core Rules Database Version : 2847
Trace Rules Database Version: 1028

Memory threats detected  : 0
Registry threats detected : 0
File threats detected    : 0
13 April 2008 - 22:05 #27
Well, I'll be darned *S*

PS: Use this version of HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Run a scan with HijackThis.
Below you get some files that you need to fix. What you need to do is put a check mark next to these files. Once you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Also remember to close this window once you have marked the files. Now you can fix. Click Fix checked.

These are the ones to fix:

O17 - HKLM\System\CCS\Services\Tcpip\..\{190243D5-FFA1-4EEF-A739-EE2D37BC90B5}: NameServer = 85.255.113.92,85.255.112.83
O17 - HKLM\System\CCS\Services\Tcpip\..\{57A93089-98C0-4399-9BAA-B359DAF14813}: NameServer = 85.255.113.92,85.255.112.83
O17 - HKLM\System\CCS\Services\Tcpip\..\{76329FCE-0202-47EE-BCC2-ED4A7F161427}: NameServer = 85.255.113.92,85.255.112.83
O17 - HKLM\System\CCS\Services\Tcpip\..\{917D29FE-1B6D-40B9-B64F-CA5435119611}: NameServer = 85.255.113.92,85.255.112.83
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5C6B28E-440F-4BA9-9483-6C982277B17A}: NameServer = 85.255.113.92,85.255.112.83
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{190243D5-FFA1-4EEF-A739-EE2D37BC90B5}: NameServer = 85.255.113.92,85.255.112.83
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.83

Restart, run a new scan with HijackThis, and paste a fresh log in here for checking.

These "85.255.113.92,85.255.112.83" lines should then be gone!!!

------------------------------------------------------------------------
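The O17 entries marked for fixing above carry the same two resolver addresses on every interface and in both control sets, written sometimes comma-separated and sometimes space-separated. As an added example (not from the thread and not part of HijackThis), this Python sketch parses O17 NameServer lines and lists every resolver outside an allowlist; the allowlist network and the third sample line are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Layout of the O17 NameServer lines as they appear in the logs in this thread:
#   O17 - HKLM\System\<set>\Services\Tcpip\<Parameters | ..\{GUID}>: NameServer = <ips>
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>[^\\]+)\\Services\\Tcpip\\"
    r"(?P<scope>Parameters|\.\.\\\{[0-9A-Fa-f-]+\}): NameServer = (?P<ips>.+)$"
)

# The first, second and last lines are copied from the thread; the third is constructed.
SAMPLE = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{190243D5-FFA1-4EEF-A739-EE2D37BC90B5}: NameServer = 85.255.113.92,85.255.112.83
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.83
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

def parse_o17(log_text):
    """Return {(control_set, scope): [ip, ...]} for every O17 NameServer line."""
    found = defaultdict(list)
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue  # other sections, or O17 entries that are not NameServer
        key = (m["cset"], m["scope"].lstrip(".\\"))  # "..\{GUID}" -> "{GUID}"
        # The value is printed as stored: comma- or space-separated.
        for token in re.split(r"[,\s]+", m["ips"].strip()):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue  # not an IP address; skip the token
            if ip not in found[key]:
                found[key].append(ip)
    return dict(found)

def unexpected_resolvers(log_text, allowed_networks):
    """List (control_set, scope, ip) for resolvers outside the allowed networks."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    hits = []
    for (cset, scope), ips in parse_o17(log_text).items():
        for ip in ips:
            if not any(ip in net for net in nets):
                hits.append((cset, scope, str(ip)))
    return hits

if __name__ == "__main__":
    # Assumption: the machine's legitimate resolver is the home router.
    for hit in unexpected_resolvers(SAMPLE, ["192.168.0.0/16"]):
        print("unexpected resolver:", hit)
```

Running it against a fresh log after the fix and the restart should produce no hits if the entries were actually removed from both CCS and CS1.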
13 April 2008 - 22:13 #28
There is juuuust something that is "nagging" at me ->

-- Download Avenger here:
http://swandog46.geekstogo.com/avenger.zip

-- Unpack the Avenger program and double-click avenger.exe

-- A window will appear into which you should copy the content between the ~~~ lines:

~~~~~~~~~~~~~~~~~~
Files to delete:
C:\WINDOWS\system32\bjanqaii.dll
C:\WINDOWS\system32\mvuqnnis.ini
C:\WINDOWS\system32\rnhfqvwu.ini
C:\WINDOWS\system32\xxkmjwxo.ini
C:\WINDOWS\system32\dgnxiwmv.ini
C:\WINDOWS\system32\wofopohj.ini
C:\Documents and Settings\sanne\Application Data\setup_dk[1].exe
C:\WINDOWS\system32\cuvkxqad.ini
C:\WINDOWS\system32\jpstsfvt.ini

Folders to delete:
C:\Programmer\LimeWire
C:\Documents and Settings\sanne\Application Data\LimeWire
~~~~~~~~~~~~~~~~~~

--- Click EXECUTE - and let the PC restart by itself.

-- After the restart a Notepad window will appear with a log of Avenger's actions. Please post it in your next reply.
pjatmail Master
14 April 2008 - 06:36 #29
Okay. Now I have run the two new programs, and their logs follow here:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:27:41, on 14-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
C:\Programmer\Network Associates\VirusScan\Mcshield.exe
C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SOINTGR.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE
C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\Fælles filer\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\HP\hpcoretech\comp\hptskmgr.exe
C:\Programmer\NETGEAR\WG111v2\WG111v2.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\sanne\Skrivebord\HiJackThis ny version.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programmer\Fælles filer\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Hurtig start af Microsoft Office OneNote 2003.lnk = C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157310116818
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: inoperable - {1b40d2ad-d237-4544-b1e1-0bf75bf8fcc0} - (no file)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 8299 bytes


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished!  Terminate.
pjatmail Master
14 April 2008 - 06:46 #30
I can just add that the two messages from "quickCam" saying that an error has occurred and the program is closing still appear.
And the internet has not come back.
nva Intern
14 April 2008 - 07:51 #31
Your log again looks reasonably clean - except that you can fix this one:

O22 - SharedTaskScheduler: inoperable - {1b40d2ad-d237-4544-b1e1-0bf75bf8fcc0} - (no file)

And then try running this one again: http://www.cexx.org/LSPFix.exe
pjatmail Master
14 April 2008 - 08:44 #32
That sounds good. I have removed the last remnants of "quickcam" so it no longer pops up, and I am also back online.
I will remove the last file you mention when I get home from work and then try lspfix.
nva Intern
14 April 2008 - 08:47 #33
If you are back online, you do not need to run lspfix.
pjatmail Master
14 April 2008 - 10:43 #34
That's fine. Many thanks for the help; I am awarding the points to you, nva.
I hope that is okay with you, Karise_Larry!!
nva Intern
14 April 2008 - 10:50 #35
I am happy to share with karise_larry, if he also posts an answer.
14 April 2008 - 18:52 #36
Do be careful with things like Limewire etc. ...

--------

You're welcome any time...

You should clean temp with this file; it only takes a few seconds.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

After a round like this it is always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer - enable System Restore. This is done in the same place where you disabled it; this time you just enable it.
It would also be a good idea to manually create a new restore point, which you can name and return to if you run into problems of any kind.

You can find a couple of articles on safe surfing here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...

--------------

Registry cleanup can be recommended ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (especially the [Register] item...)
During installation you are offered [Yahoo Toolbar]. You can say yes or NO to it.
pjatmail Master
14 April 2008 - 21:26 #37
Hi both
Thanks once again; I will look at the last pieces of advice and pass them on to my colleague.