Malware virus-worm
From : freddiemercury
Viewed : 2067 times
300 points
Date : 01-01-08 15:19

Happy New Year

I have got a virus that I cannot remove

My antivirus program is Avast 4.7 pro

Malware name: malware-gen
Malware type : virus/worm

File name/location: lokale indstillinger/temp/1.reg
-----------------------------------

I have tried almost everything: Malware Scanner - Spybot
but it does not help




 
 
Comment
From : arlet


Date : 01-01-08 15:22


Run CCleaner (1), SAS (2), HijackThis (5) and ComboFix (6),
in the order listed, from here: www.arlet.dk/rens.htm


I need to see the logs from items 2, 3 and 6

Comment
From : freddiemercury


Date : 01-01-08 15:25

OK, I am getting started now


Comment
From : freddiemercury


Date : 01-01-08 16:48

Hi arlet:

You mean the logs from items 2, 5, 6, right?


Comment
From : Spyfus


Date : 01-01-08 17:24

I can safely answer yes to your question about the logs.

Comment
From : freddiemercury


Date : 01-01-08 17:36

Here come the logs:

No. 6, from ComboFix:
----------------------

ComboFix 07-12-31.4 - allan 2008-01-01 17:28:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1030.18.420 [GMT 1:00]
Running from: C:\Dokumenter\Downloads\til bekæmpelse\ComboFix.exe
* Created a new restore point
.
The following files were disabled during the run:
C:\Programmer\GDS for OE\hookgdsoe.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_install.exe blev ikke fundet.

.
((((((((((((((((((((((((( Files Created from 2007-12-01 to 2008-01-01 )))))))))))))))))))))))))))))))
.

2008-01-01 17:28 . 2000-08-31 08:00   51,200   --a------   C:\WINDOWS\NirCmd.exe
2008-01-01 17:25 . 2008-01-01 17:25   <DIR>   d--------   C:\Programmer\backups
2008-01-01 17:18 . 2007-07-06 18:39   401,720   --a------   C:\Programmer\HJTrenamed.exe
2008-01-01 15:51 . 2008-01-01 15:51   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-01 15:50 . 2008-01-01 15:53   <DIR>   d--------   C:\Programmer\SUPERAntiSpyware
2008-01-01 15:50 . 2008-01-01 15:50   <DIR>   d--------   C:\Documents and Settings\allan\Application Data\SUPERAntiSpyware.com
2008-01-01 15:39 . 2008-01-01 15:39   <DIR>   d--------   C:\Programmer\CCleaner
2008-01-01 09:03 . 2008-01-01 09:42   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-01 09:01 . 2008-01-01 15:17   <DIR>   d--------   C:\Programmer\Fælles filer\Symantec Shared
2007-12-31 14:25 . 2007-12-31 14:25   <DIR>   d--------   C:\Programmer\MalwareRemover.com
2007-12-31 10:24 . 2007-12-31 10:24   <DIR>   d--------   C:\Programmer\Lavasoft
2007-12-30 22:47 . 2007-12-30 22:51   21,216,112   --a------   C:\aaw2007.exe
2007-12-30 22:46 . 2007-12-30 22:50   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-30 22:45 . 2007-12-30 22:46   7,467,056   --a------   C:\spybotsd15.exe
2007-12-30 22:24 . 2007-12-30 22:24   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-30 21:08 . 2007-12-30 21:19   <DIR>   d--------   C:\Programmer\Pro Pinball
2007-12-30 21:08 . 2007-12-30 21:08   <DIR>   d--------   C:\Documents and Settings\allan\Application Data\InstallShield
2007-12-30 21:01 . 2007-12-30 21:01   <DIR>   d--h-----   C:\WINDOWS\PIF
2007-12-30 20:13 . 2007-12-30 20:13   <DIR>   d--------   C:\Programmer\Virgin Media Games
2007-12-30 20:13 . 2007-12-30 20:13   <DIR>   d--------   C:\Programmer\Fælles filer\Oberon Media
2007-12-30 19:23 . 2007-12-30 19:23   <DIR>   d--------   C:\Programmer\WildSnake Software
2007-12-28 21:53 . 2007-12-28 21:55   <DIR>   d--------   C:\Programmer\Winamp
2007-12-28 21:53 . 2007-12-28 22:12   <DIR>   d--------   C:\Documents and Settings\allan\Application Data\Winamp
2007-12-28 20:21 . 2007-12-28 20:21   <DIR>   d--------   C:\DataSecurityWizard
2007-12-28 17:14 . 2007-12-31 10:40   <DIR>   d--------   C:\Dokumenter
2007-12-28 17:08 . 2007-12-28 17:08   <DIR>   d--------   C:\Programmer\Software by Design
2007-12-28 17:08 . 2006-04-12 06:00   90,112   ---------   C:\WINDOWS\SDUnInst.exe
2007-12-28 17:04 . 2007-12-28 17:04   <DIR>   d--------   C:\Programmer\DNA
2007-12-28 17:04 . 2007-12-28 17:04   <DIR>   d--------   C:\Programmer\BitTorrent
2007-12-28 17:04 . 2008-01-01 17:24   <DIR>   d--------   C:\Documents and Settings\allan\Application Data\DNA
2007-12-25 15:22 . 2007-12-25 15:25   <DIR>   d--------   C:\Programmer\TuneUp Utilities 2008
2007-12-25 15:22 . 2007-12-25 15:22   <DIR>   d--------   C:\Documents and Settings\allan\Application Data\TuneUp Software
2007-12-25 15:22 . 2007-12-25 15:22   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-12-25 15:22 . 2007-12-25 15:22   306,432   --a------   C:\WINDOWS\system32\TuneUpDefragService.exe
2007-12-25 15:22 . 2007-12-20 10:41   29,440   --a------   C:\WINDOWS\system32\uxtuneup.dll
2007-12-25 15:21 . 2008-01-01 15:50   <DIR>   d--------   C:\Programmer\Fælles filer\Wise Installation Wizard
2007-12-25 15:17 . 2007-12-24 14:06   13,303,495   --a------   C:\Tune up 2008 crack.rar
2007-12-16 15:18 . 2007-12-16 15:18   108,474   --a------   C:\http___www.tekstmaskinen.net_eksempler_cv_eksempel_cv_11.pdf
2007-12-16 15:17 . 2007-12-16 15:17   36,720   --a------   C:\akl.pdf
2007-12-16 15:16 . 2007-12-16 15:16   <DIR>   d--------   C:\Programmer\GPLGS
2007-12-16 15:15 . 2007-07-12 22:33   87,552   --a------   C:\WINDOWS\system32\cpwmon2k.dll
2007-12-16 15:14 . 2007-12-16 15:14   <DIR>   d--------   C:\Programmer\Acro Software
2007-12-14 14:02 . 2007-12-14 14:02   <DIR>   d--------   C:\Documents and Settings\Clara Klockmann\Application Data\Teleca
2007-12-14 14:02 . 2007-12-14 14:02   <DIR>   d--------   C:\Documents and Settings\Clara Klockmann\Application Data\FirstClass
2007-12-14 14:01 . 2006-02-03 16:27   <DIR>   d---s----   C:\Documents and Settings\Clara Klockmann\UserData
2007-12-14 14:01 . 2007-12-14 14:51   <DIR>   d--------   C:\Documents and Settings\Clara Klockmann\Skrivebord
2007-12-14 14:01 . 2007-01-24 16:37   <DIR>   d--h-----   C:\Documents and Settings\Clara Klockmann\Skabeloner
2007-12-14 14:01 . 2006-02-03 15:16   <DIR>   d--h-----   C:\Documents and Settings\Clara Klockmann\Printere
2007-12-14 14:01 . 2006-02-03 15:16   <DIR>   dr-------   C:\Documents and Settings\Clara Klockmann\Menuen Start
2007-12-14 14:01 . 2006-02-03 15:16   <DIR>   d--h-----   C:\Documents and Settings\Clara Klockmann\Lokale indstillinger
2007-12-14 14:01 . 2007-12-14 14:08   <DIR>   dr-------   C:\Documents and Settings\Clara Klockmann\Foretrukne
2007-12-14 14:01 . 2007-12-14 14:02   <DIR>   dr-------   C:\Documents and Settings\Clara Klockmann\Dokumenter
2007-12-14 14:01 . 2006-02-11 23:54   <DIR>   d--------   C:\Documents and Settings\Clara Klockmann\Application Data\CyberLink
2007-12-14 14:01 . 2006-02-03 15:16   <DIR>   d--h-----   C:\Documents and Settings\Clara Klockmann\Andre computere
2007-12-13 19:17 . 2007-09-24 23:31   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2007-12-13 18:36 . 2007-12-13 18:36   <DIR>   d--------   C:\Programmer\Alwil Software
2007-12-13 18:36 . 2007-12-04 14:04   837,496   --a------   C:\WINDOWS\system32\aswBoot.exe
2007-12-13 18:36 . 2004-01-09 11:13   380,928   --a------   C:\WINDOWS\system32\actskin4.ocx
2007-12-13 18:36 . 2007-12-04 13:54   95,608   --a------   C:\WINDOWS\system32\AvastSS.scr
2007-12-13 18:36 . 2007-12-04 15:55   94,544   --a------   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-13 18:36 . 2007-12-04 15:56   93,264   --a------   C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-13 18:36 . 2007-12-04 15:51   42,912   --a------   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-13 18:36 . 2007-12-04 15:49   26,624   --a------   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-13 18:36 . 2007-12-04 15:53   23,152   --a------   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-06 09:49 . 2007-12-06 09:49   <DIR>   d--------   C:\Documents and Settings\NetworkService\Application Data\X10 Commander
2007-12-05 18:17 . 2007-12-15 19:50   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2007-12-05 18:17 . 2007-12-05 18:17   1,409   --a------   C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 16:28   ---------   d-----w   C:\Programmer\GDS for OE
2008-01-01 16:20   13,603   ----a-w   C:\Programmer\hijackthis.log
2008-01-01 16:14   ---------   d-----w   C:\Programmer\PestPatrol
2008-01-01 09:38   ---------   d-----w   C:\Documents and Settings\allan\Application Data\BitTorrent
2007-12-31 15:19   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-30 21:51   21,216,112   ----a-w   C:\aaw2007.exe
2007-12-30 21:24   ---------   d-----w   C:\Programmer\Microsoft Works
2007-12-30 20:08   ---------   d--h--w   C:\Programmer\InstallShield Installation Information
2007-12-30 09:47   ---------   d-----w   C:\Programmer\Fælles filer\Adobe
2007-12-17 09:14   ---------   d-----w   C:\Programmer\Brother's Keeper 6
2007-12-17 09:10   ---------   d-----w   C:\Programmer\PPStream
2007-12-17 09:10   ---------   d-----w   C:\Documents and Settings\allan\Application Data\ppstream
2007-12-14 20:07   ---------   d-----w   C:\Programmer\Google
2007-12-13 18:17   ---------   d-----w   C:\Programmer\Java
2007-12-04 14:49   26,624   ----a-w   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-19 14:51   ---------   d-----w   C:\Documents and Settings\allan\Application Data\Download Manager
2007-11-17 17:24   ---------   d-----w   C:\Programmer\Windows Media Connect 2
2007-11-13 10:25   20,480   ------w   C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 18:48   ---------   d-----w   C:\Programmer\24goal
2007-11-11 18:29   ---------   d-----w   C:\Documents and Settings\allan\Application Data\SopCast
2007-11-11 18:09   ---------   d-----w   C:\Programmer\TVUPlayer
2007-11-11 18:08   ---------   d-----w   C:\Documents and Settings\allan\Application Data\TVU Networks
2007-11-11 16:26   ---------   d-----w   C:\Programmer\TVAnts
2007-11-11 15:51   ---------   d-----w   C:\Programmer\SopCast
2007-10-29 22:44   1,291,776   ------w   C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28   222,720   ----a-w   C:\WINDOWS\system32\wmasf.dll
2006-09-17 08:57   40,960   ----a-w   C:\Programmer\BROTHER'S
2007-06-13 13:22   228,572   --sh--r   C:\WINDOWS\iesetupi.exe
2006-02-11 12:32   56   --sha-r   C:\WINDOWS\system32\CAD6EA091F.sys
2006-05-26 05:06   12,314   --sha-w   C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 13:00 15360]
"Google Desktop for OE"="C:\Programmer\GDS for OE\gdsoe.exe" [2005-10-31 14:56 327680]
"H/PC Connection Agent"="C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE" [2003-09-01 19:52 376912]
"WMPNSCFG"="C:\Programmer\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:30 204288]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-14 14:06 171448]
"BitTorrent DNA"="C:\Programmer\DNA\btdna.exe" [2007-12-28 17:04 290112]
"SpybotSD TeaTimer"="C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"Malware Scanner"="C:\Programmer\MalwareRemover.com\Malware Scanner\MalScr.exe" [2007-12-31 14:26 630784]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 22:38 88361 C:\WINDOWS\AGRSMMSG.exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-27 13:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-27 13:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-27 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-27 13:00 455168]
"ATIPTA"="C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-01 21:05 344064]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2005-10-28 08:58 761945]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"RemoteControl"="C:\Programmer\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"PCMService"="C:\Programmer\Home Cinema\PowerCinema\PCMService.exe" [2006-02-09 12:53 143360]
"PestPatrol Control Center"="C:\Programmer\PestPatrol\PPControl.exe" [2004-11-15 11:49 98304]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2006-02-11 23:53 155648]
"Google Desktop Search"="C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-29 06:37 1836544]
"Sony Ericsson PC Suite"="C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17 159744]
"OpwareSE2"="C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Programmer\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48 479232]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-27 13:00 44032]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 09:06 577536 C:\WINDOWS\soundman.exe]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" [2006-02-11 23:51 180269]
"PPMemCheck"="C:\Programmer\PestPatrol\PPMemCheck.exe" [2004-04-02 15:11 148480]
"CookiePatrol"="C:\Programmer\PestPatrol\CookiePatrol.exe" [2005-01-10 09:35 73728]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Photo Downloader"="C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]
"iesetupi.exe"="iesetupi.exe" [2007-06-13 14:22 228572 C:\WINDOWS\iesetupi.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"iesetupi.exe"="iesetupi.exe" [2007-06-13 14:22 228572 C:\WINDOWS\iesetupi.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 13:00 15360]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56]
ZDWLan Utility.lnk - C:\Programmer\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2007-01-24 17:25:29]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

R1 wbsecdrv;wbsecdrv Protocol Driver;C:\WINDOWS\system32\DRIVERS\wbsecdrv.sys [2005-06-14 14:20]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-27 13:00]
R2 wbsecsvc;wbsecsvc;C:\WINDOWS\system32\wbsecsvc.exe [2005-04-30 15:40]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 11:36]
R3 W33ND;W89C33 mPCI 802.11 Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\W33ND.SYS [2006-02-21 16:32]
S3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-11-18 23:02]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2007-12-25 15:22]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9E4C88F5-F8EB-45C5-A0B3-08BC50AB9B1E}]
C:\WINDOWS\system32\msiexec.exe /fup {9E4C88F5-F8EB-45C5-A0B3-08BC50AB9B1E} /q
.
Contents of the 'Scheduled Tasks' folder
"2007-12-28 16:34:04 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Programmer\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 17:32:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-01 17:32:55
.
2007-12-11 20:03:24   --- E O F ---






Log for No. 5, HijackThis:
--------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20:15, on 01-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programmer\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wbsecsvc.exe
C:\Programmer\Home Cinema\PowerDVD\PDVDServ.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programmer\Home Cinema\PowerCinema\PCMService.exe
C:\Programmer\PestPatrol\PPControl.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmer\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Windows Media Player\WMPNetwk.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\PestPatrol\PPMemCheck.exe
C:\Programmer\PestPatrol\CookiePatrol.exe
C:\Programmer\Fælles filer\Teleca Shared\CapabilityManager.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\iesetupi.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmer\DNA\btdna.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\24goal\goal.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\HJTrenamed.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programmer\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programmer\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmer\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PPMemCheck] C:\Programmer\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\Programmer\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iesetupi.exe] iesetupi.exe
O4 - HKLM\..\RunServices: [iesetupi.exe] iesetupi.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop for OE] "C:\Programmer\GDS for OE\gdsoe.exe" install
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmer\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Malware Scanner] C:\Programmer\MalwareRemover.com\Malware Scanner\MalScr.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: 24goal.lnk = C:\Programmer\24goal\goal.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ZDWLan Utility.lnk = C:\Programmer\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} (SayaTV Control) - http://www.sayatv.com/download/SayaTV.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138980483438
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager-kontrol) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{13B83553-ECCE-4183-A5F0-4F439A17D0C7}: NameServer = 194.239.134.83,193.162.153.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{13B83553-ECCE-4183-A5F0-4F439A17D0C7}: NameServer = 194.239.134.83,193.162.153.164
O17 - HKLM\System\CS2\Services\Tcpip\..\{13B83553-ECCE-4183-A5F0-4F439A17D0C7}: NameServer = 194.239.134.83,193.162.153.164
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmer\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmer\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmer\WinPcap\rpcapd.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: wbsecsvc - Winbond - C:\WINDOWS\system32\wbsecsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 13601 bytes


-----------------------------



The logs for the anti-spyware scanner, No. 2, will follow a little later


Bye


Comment
From : freddiemercury


Date : 01-01-08 17:39


Here are the logs from No. 2:
-------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/01/2008 at 05:08 PM

Application Version : 3.9.1008

Core Rules Database Version : 3371
Trace Rules Database Version: 1366

Scan type : Complete Scan
Total Scan Time : 01:14:26

Memory items scanned : 550
Memory threats detected : 0
Registry items scanned : 7726
Registry threats detected : 0
File items scanned : 40584
File threats detected : 28

Adware.Tracking Cookie
   C:\Documents and Settings\allan\Cookies\allan@tradedoubler[2].txt
   C:\Documents and Settings\allan\Cookies\allan@ad.yieldmanager[2].txt
   C:\Documents and Settings\allan\Cookies\allan@adbrite[1].txt
   C:\Documents and Settings\allan\Cookies\allan@ads.adbrite[2].txt
   C:\Documents and Settings\allan\Cookies\allan@3.adbrite[3].txt
   C:\Documents and Settings\allan\Cookies\allan@doubleclick[1].txt
   C:\Documents and Settings\allan\Cookies\allan@tribalfusion[1].txt
   C:\Documents and Settings\allan\Cookies\allan@clicktorrent[3].txt
   C:\Documents and Settings\allan\Cookies\allan@fastclick[2].txt
   C:\Documents and Settings\allan\Cookies\allan@eas.apm.emediate[1].txt
   C:\Documents and Settings\allan\Cookies\allan@3.adbrite[1].txt
   C:\Documents and Settings\allan\Cookies\allan@ad1.emediate[2].txt
   C:\Documents and Settings\allan\Cookies\allan@ad2.ip[1].txt
   C:\Documents and Settings\allan\Cookies\allan@adbrite[2].txt
   C:\Documents and Settings\allan\Cookies\allan@ads.mobygames[1].txt
   C:\Documents and Settings\allan\Cookies\allan@ads.revsci[1].txt
   C:\Documents and Settings\allan\Cookies\allan@banner.fynskemedier[2].txt
   C:\Documents and Settings\allan\Cookies\allan@bannere.fyens[2].txt
   C:\Documents and Settings\allan\Cookies\allan@clicktorrent[1].txt
   C:\Documents and Settings\allan\Cookies\allan@eas4.emediate[1].txt
   C:\Documents and Settings\allan\Cookies\allan@enhance[2].txt
   C:\Documents and Settings\allan\Cookies\allan@mediabuy.uk.smarttargetting[1].txt
   C:\Documents and Settings\allan\Cookies\allan@partypoker[2].txt
   C:\Documents and Settings\allan\Cookies\allan@stat.postdanmark[1].txt
   C:\Documents and Settings\allan\Cookies\allan@stat.ppstream[2].txt
   C:\Documents and Settings\allan\Cookies\allan@virginmedia[1].txt
   C:\Documents and Settings\allan\Cookies\allan@yadro[2].txt
   C:\Documents and Settings\allan\Cookies\allan@yourmedia[1].txt


Comment
From : Spyfus


Date : 01-01-08 17:55

I don't know much about logs, but I can give you a tip that stl_s gave me about 10 days ago, when I was having problems with a slow computer.
I use Avast just like you, and among other things I also had Ad-Aware on the computer in a deactivated state.
stl_s advised me to remove it. He wrote that it used a relatively large amount of resources even in that state and that it was largely redundant.
If you remove it, run a registry scan with CCleaner afterwards. It removes a few more files.

Comment
From : freddiemercury


Date : 01-01-08 18:11

Have you removed your ad-ware, and do you run only Avast?
Maybe Avast can handle everything?


I just don't think Avast is quite 100% great.
My problem is that when I scan, it tells me
that "scan archive files" is "disable",
and I can't set it to "able".



Comment
From : arlet


Date : 01-01-08 18:38

Yes, you have something nasty, so try this:

Download and double-click this file. It extracts itself to C:\SDFix:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Restart in Safe Mode. If you don't know how, look here (scroll down to "Sådan får du adgang til fejlsikret tilstand", that is, "How to access Safe Mode"): http://kimludvigsen.dk/tips-windows-fejlsikret.html


Then go into the SDFix folder on the C drive. Double-click the file RunThis.bat to start the tool. Press "y" to confirm that you are running the tool at your own risk. The tool will then start removing the trojan service and make a few repairs to the registry. At some point it will ask you to press a key to restart the computer. Do so, after which the computer will restart after 15 seconds.

The restart will take a little longer than usual, because the tool needs time to do its work. When the desktop appears, the tool will write "Finished". Then press a key to load your desktop icons again.

Then open the SDFix folder, find the file Report.txt, and copy the contents of that file in here.

Comment
From : freddiemercury


Date : 01-01-08 18:44

Hi
I'll try that
Thanks


Comment
From : stl_s


Date : 01-01-08 19:12

Why are you using Avast in English? You can get it in Danish on this page (wait until you have finished cleaning): http://www.avast.com/eng/download-avast-professional.html Then check whether you can't activate scanning of archive files.

Yes, turn off Ad-Watch. It is worthless, uses resources, and sometimes causes "trouble" in the machine. arlet probably has a better alternative for you once you have finished cleaning.

Comment
From : freddiemercury


Date : 01-01-08 19:28

I can briefly tell you that the virus warning appears right after I have started WinXP,
and it still does.


Thanks to stl_s


Hi arlet:
here is the log file



SDFix: Version 1.121

Run by allan on 01-01-2008 at 19:07

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 19:22:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Programmer\\DNA\\btdna.exe"="C:\\Programmer\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Programmer\\Microsoft ActiveSync\\WCESCOMM.EXE"="C:\\Programmer\\Microsoft ActiveSync\\WCESCOMM.EXE:*:Disabled:Connection Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Wed 13 Jun 2007 228,572 ..SHR --- "C:\WINDOWS\iesetupi.exe"
Fri 29 Jun 2007 22 ...H. --- "C:\Programmer\Brother's Keeper 6\bkuser.reg"
Wed 13 Oct 2004 1,694,208 A.SH. --- "C:\Programmer\Messenger\msmsgs.exe"
Fri 27 Aug 2004 60,416 A.SH. --- "C:\Programmer\Outlook Express\msimn.exe"
Wed 22 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
Sat 11 Feb 2006 56 A.SHR --- "C:\WINDOWS\system32\CAD6EA091F.sys"
Fri 26 May 2006 12,314 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sat 27 May 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 17 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Tue 1 Jan 2008 96 A..H. --- "C:\Programmer\Common Files\X10\Common\x10prod.sys"
Sat 11 Aug 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\93a233c2dff315e0408559775486f5b2\BIT1E.tmp"
Sat 27 May 2006 4,348 A..H. --- "C:\Documents and Settings\allan\Dokumenter\Musik\Sikkerhedskopiering af licenser\drmv1key.bak"
Sun 28 May 2006 20 A..H. --- "C:\Documents and Settings\allan\Dokumenter\Musik\Sikkerhedskopiering af licenser\drmv1lic.bak"
Sat 27 May 2006 400 A.SH. --- "C:\Documents and Settings\allan\Dokumenter\Musik\Sikkerhedskopiering af licenser\drmv2key.bak"

Finished!
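
The "Authorized Application Key Export" section of the SDFix report above lists the Windows Firewall exceptions for the same two programs (btdna.exe and Connection Manager) that the firewall asks about later in the thread. As an added example, not part of the original posts or of SDFix, this Python code parses that section and reports which exceptions are enabled for any address; the function and class names are assumptions made for the illustration.

```python
import re
from typing import NamedTuple

# Copied verbatim from the SDFix report above (.reg export syntax).
REPORT_EXCERPT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Programmer\\DNA\\btdna.exe"="C:\\Programmer\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Programmer\\Microsoft ActiveSync\\WCESCOMM.EXE"="C:\\Programmer\\Microsoft ActiveSync\\WCESCOMM.EXE:*:Disabled:Connection Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
'''

KEY_RE = re.compile(r'^\[.*\\firewallpolicy\\(\w+)\\authorizedapplications\\list\]$', re.I)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
DATA_RE = re.compile(r'([^:]*):(Enabled|Disabled):(.*)', re.I)

class FirewallException(NamedTuple):
    profile: str   # standardprofile or domainprofile
    path: str      # executable the exception applies to
    scope: str     # "*" means any remote address
    enabled: bool
    name: str      # display name of the exception

def unescape(text):
    # .reg exports escape backslashes and double quotes with a backslash.
    return re.sub(r'\\(.)', r'\1', text)

def parse_authorized_apps(report):
    entries, profile = [], None
    for line in map(str.strip, report.splitlines()):
        if line.startswith("["):
            key = KEY_RE.match(line)
            profile = key.group(1).lower() if key else None
            continue
        value = VALUE_RE.match(line)
        if not (value and profile):
            continue
        path, data = unescape(value.group(1)), unescape(value.group(2))
        # Data is "<path>:<scope>:<Enabled|Disabled>:<name>". The path holds
        # a drive colon, so strip it as a prefix rather than splitting on ":".
        if not data.lower().startswith(path.lower() + ":"):
            continue
        m = DATA_RE.fullmatch(data[len(path) + 1:])
        if m:
            entries.append(FirewallException(
                profile, path, m[1], m[2].lower() == "enabled", m[3]))
    return entries

def open_exceptions(entries):
    # Enabled exceptions that accept traffic from any remote address.
    return [e for e in entries if e.enabled and e.scope == "*"]
```

On the excerpt from the report, `parse_authorized_apps` returns two entries in the standard profile, and `open_exceptions` keeps only btdna.exe.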


Accepted answer
From : arlet

Received 300 points
Date : 01-01-08 20:13

Copy the contents between the dashed lines into a Notepad window, and save it on the desktop with the name CFScript.txt.
When you save, make sure that "file types" is set to "all files".

-------------------------
File::
C:\WINDOWS\iesetupi.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"iesetupi.exe"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iesetupi.exe"=-
-------------------------

Then grab the new file with the mouse and drag it over the ComboFix file (the red one with the X), then "let go" with the mouse. - http://www.fromsej.saknet.dk/billeder/cfscript.gif
ComboFix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.

Copy the contents of Combofix.txt in here together with a new HijackThis log.


Comment
From : freddiemercury


Date : 01-01-08 20:22

I have uninstalled the combo file; I was a bit too quick,
but I am installing it again now.


Comment
From : freddiemercury


Date : 01-01-08 20:43

I have installed combo again, but I don't have an icon for the program on the desktop that I can drag the file onto.
I can't seem to find the program either.
Is that because I have uninstalled the 3 programs you asked me to install?


Comment
From : freddiemercury


Date : 01-01-08 20:56

Hi there
I'm having problems with the internet right now.
I'll be back tomorrow.

Good evening.


Comment
From : freddiemercury


Date : 02-01-08 08:43

Hi again

I have run the last test, and it looks like the virus/worm that I previously got when I started up is GONE, so that is GREAT, but at the same time I now get a Windows security alert
from my firewall asking:
"Do you want to keep blocking this program?"
name: btdna
publisher: unknown

and this one too:

name: connection manager
publisher: microsoft

I am in doubt about whether I can unblock these.


Comment
From : freddiemercury


Date : 02-01-08 16:13


btdna is, from what I have read, SOMETHING NASTY.
Here is the procedure for it:

• Disable the Remote Access Connection Manager service

Disabling the Remote Access Connection Manager service will help protect the affected system from attempts to exploit this vulnerability. To disable the Remote Access Connection Manager (RASMAN) service, follow these steps:

1. Click Start, and then click Control Panel. Alternatively, point to Settings, and then click Control Panel.

2. Double-click Administrative Tools.

3. Double-click Services.

4. Double-click Remote Access Connection Manager.

5. In the Startup type list, click Disabled.

6. Click Stop, and then click OK.


You can also stop and disable the Remote Access Connection Manager (RASMAN) service by using the following command at the command prompt:


That is what I did,
and now I no longer get the warning about this file.

Do you think I have done something wrong?






Comment
From : stl_s


Date : 02-01-08 16:24

Couldn't it be this one that wants to connect? http://www.castlecops.com/s16002-btdna_exe.html

Comment
From : freddiemercury


Date : 02-01-08 17:15


I have put my settings back again.
Apparently I couldn't disable Connection Manager,
but I think it is running now too.

Many thanks to everyone




Approval of answer
From : freddiemercury


Date : 02-01-08 17:17

Thanks for the answer, arlet.

Comment
From : LuffeA


Date : 02-01-08 17:21

With illegal file sharing and cracked programs you will probably be back again; where do you yourself think the dirt comes from??
