log check

Post by src » July 9th, 2010, 3:05 pm

can someone please check my comodo and hjt log ty

ComboFix 10-07-07.02 - Slawomir 08-07-2010 21:10:23.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1033.18.2814.1824 [GMT 2:00]
Kører fra: c:\program files\gamigo AG\ComboFix.exe
Kommandoer benyttet :: c:\program files\gamigo AG\CFScript.txt
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

((((((((((((((((((((((((((((( Filer skabt fra 2010-06-08 til 2010-07-08 )))))))))))))))))))))))))))))))))))
.

2010-07-07 15:13 . 2010-07-07 15:14 ———— d——-w- C:\Python31
2010-07-07 15:11 . 2010-07-07 15:11 ———— d——-w- c:\program files\Blender Foundation
2010-07-03 17:40 . 2010-07-03 17:40 ———— d——-w- c:\documents and settings\All Users\Application Data\NOS
2010-07-03 17:40 . 2010-07-03 17:40 ———— d——-w- c:\program files\NOS
2010-07-01 18:01 . 2010-07-01 18:01 ———— d——-w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-07-01 17:52 . 2010-07-01 17:53 ———— d——-w- c:\program files\Common Files\Alias Shared
2010-07-01 17:32 . 2010-07-01 17:32 ———— d——-w- c:\program files\Common Files\Macrovision Shared
2010-07-01 17:32 . 2010-07-01 17:32 ———— d——-w- c:\program files\Common Files\en-US
2010-07-01 17:32 . 2010-07-01 17:32 ———— d——-w- c:\program files\Common Files\ja-JP
2010-07-01 17:32 . 2010-07-01 17:52 ———— d——-w- c:\program files\Common Files\Autodesk Shared
2010-07-01 17:23 . 2010-07-01 17:51 ———— d——-w- c:\program files\Autodesk
2010-07-01 17:11 . 2010-07-01 18:09 ———— d——-w- c:\documents and settings\Slawomir\Application Data\Autodesk
2010-07-01 17:11 . 2010-07-01 18:09 ———— d——-w- c:\documents and settings\All Users\Application Data\Autodesk
2010-07-01 17:02 . 2010-07-01 17:02 ———— d——-w- C:\Autodesk
2010-07-01 16:14 . 2010-07-01 16:14 ———— d——-w- c:\documents and settings\Slawomir\Application Data\Indigo Renderer
2010-07-01 16:01 . 2010-07-01 18:33 ———— d——-w- c:\program files\Maya
2010-07-01 16:01 . 2010-07-01 23:19 ———— d——-w- c:\program files\Common Files\Akamai
2010-07-01 15:59 . 2010-07-01 15:59 ———— d——-w- c:\documents and settings\Slawomir\Application Data\Geometric
2010-07-01 15:59 . 2010-07-01 15:59 ———— d——-w- c:\program files\3DPaintBrush
2010-06-30 22:20 . 2010-06-30 22:27 ———— d——-w- c:\program files\Truck_Racing_By_Renault_Trucks
2010-06-29 13:15 . 2010-06-28 20:57 38848 ——a-w- c:\windows\avastSS.scr
2010-06-29 06:55 . 2010-06-29 06:55 ———— d——-w- c:\program files\Common Files\Adobe AIR
2010-06-27 07:36 . 2010-06-27 07:36 ———— d——-w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-06-27 07:33 . 2010-07-01 15:07 ———— d——-w- c:\documents and settings\Slawomir\Application Data\HpUpdate
2010-06-27 07:33 . 2010-06-27 07:33 ———— d——-w- c:\windows\Hewlett-Packard
2010-06-27 06:37 . 2010-06-27 06:45 ———— d——-w- c:\documents and settings\Slawomir\Local Settings\Application Data\ZoneAlarm
2010-06-27 06:37 . 2010-06-27 06:37 ———— d——-w- c:\program files\ZoneAlarm
2010-06-27 06:30 . 2010-07-08 19:23 ———— d——-w- c:\windows\Internet Logs
2010-06-27 06:05 . 2010-06-27 06:44 ———— d——-w- c:\documents and settings\Slawomir\Local Settings\Application Data\Conduit
2010-06-27 06:05 . 2010-06-27 06:05 ———— d——-w- c:\program files\Conduit
2010-06-24 20:54 . 2010-06-24 20:54 ———— d——-w- c:\windows\DEA314C409294250BC9298E4C105F28D.TMP
2010-06-24 08:11 . 2010-06-24 08:11 ———— d——-w- c:\windows\system32\winrm
2010-06-24 08:11 . 2010-06-24 08:12 ———— dc-h—w- c:\windows\$968930Uinstall_KB968930$
2010-06-23 10:05 . 2010-06-23 18:36 ———— d——-w- c:\documents and settings\Slawomir\Local Settings\Application Data\Unity
2010-06-23 09:43 . 2010-06-23 09:43 ———— d——-w- c:\program files\TurnTool
2010-06-23 09:43 . 2010-06-23 09:43 ———— d——-w- c:\documents and settings\Slawomir\Local Settings\Application Data\TurnTool
2010-06-22 19:48 . 2010-06-22 19:48 ———— d——-w- c:\documents and settings\Slawomir\Local Settings\Application Data\Kunos_Simulazioni
2010-06-22 19:38 . 2010-06-22 19:47 ———— d——-w- c:\program files\nkpro11
2010-06-20 08:22 . 2010-06-20 08:43 ———— d——-w- c:\documents and settings\Slawomir\Application Data\nHancer
2010-06-20 08:21 . 2010-06-20 08:26 ———— d——-w- c:\documents and settings\All Users\Application Data\NVIDIA
2010-06-20 08:21 . 2010-06-20 08:21 ———— d——-w- c:\documents and settings\All Users\Application Data\Caphyon
2010-06-20 08:21 . 2010-06-20 08:24 ———— d——-w- c:\documents and settings\All Users\Application Data\nHancer
2010-06-20 07:48 . 2010-06-20 07:48 16400 ——a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-06-12 23:17 . 2010-06-23 17:51 ———— d——-w- c:\program files\Mohawk Voice
2010-06-11 11:53 . 2010-06-20 07:49 ———— d——-w- c:\documents and settings\All Users\Application Data\Logitech
2010-06-11 07:17 . 2010-06-11 07:17 ———— d——-w- c:\documents and settings\Slawomir\Application Data\Leadertech
2010-06-11 07:17 . 2010-06-11 07:17 ———— d——-w- c:\documents and settings\Slawomir\Local Settings\Application Data\Logishrd
2010-06-11 07:15 . 2010-06-11 07:17 ———— d——-w- c:\documents and settings\All Users\Application Data\Logishrd
2010-06-11 07:02 . 2010-06-11 07:03 ———— d——-w- c:\documents and settings\Slawomir\Application Data\Logishrd
2010-06-09 16:35 . 2010-06-09 16:57 ———— d——-w- C:\10fae33e86ed8159a4
2010-06-09 15:38 . 2010-05-06 10:41 743424 -c——w- c:\windows\system32\dllcache\iedvtool.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-08 19:10 . 2010-04-18 13:37 ———— d——-w- c:\program files\gamigo AG
2010-07-07 19:21 . 2010-04-21 08:27 ———— d——-w- c:\program files\Steam
2010-07-07 14:58 . 2010-07-01 07:13 3511816 ——a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-07-06 15:43 . 2010-04-18 11:39 ———— d——-w- c:\documents and settings\Slawomir\Application Data\Skype
2010-07-06 14:43 . 2010-04-18 16:39 ———— d——-w- c:\documents and settings\Slawomir\Application Data\skypePM
2010-07-03 12:48 . 2010-04-18 13:06 ———— d——-w- c:\program files\rFactor
2010-07-02 13:32 . 2010-04-18 11:47 ———— d——-w- c:\program files\SUPERAntiSpyware
2010-06-29 16:26 . 2010-04-18 11:36 ———— d——-w- c:\program files\Microsoft Security Essentials
2010-06-28 20:57 . 2010-04-18 11:13 165032 ——a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-04-18 11:14 46672 ——a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-04-18 11:14 165456 ——a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-04-18 11:14 23376 ——a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-04-18 11:14 100176 ——a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-04-18 11:14 94544 ——a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-04-18 11:14 17744 ——a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-04-18 11:14 28880 ——a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-27 07:35 . 2010-04-19 23:34 ———— d——-w- c:\program files\HP
2010-06-27 07:06 . 2010-04-18 14:03 ———— d——-w- c:\program files\Opera
2010-06-27 07:04 . 2010-04-26 08:20 ———— d——-w- c:\program files\BurnAware Free
2010-06-27 07:02 . 2010-04-26 08:17 ———— d——-w- c:\program files\Defraggler
2010-06-27 07:00 . 2010-04-18 11:51 ———— d——-w- c:\program files\CCleaner
2010-06-27 06:36 . 2010-04-19 14:56 4212 —-ha-w- c:\windows\system32\zllictbl.dat
2010-06-27 06:36 . 2010-06-27 06:36 ———— d——-w- c:\program files\Zone Labs
2010-06-24 20:53 . 2010-04-18 09:56 ———— d——-w- c:\program files\NVIDIA Corporation
2010-06-24 20:53 . 2010-04-18 09:57 ———— d——-w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-06-23 18:35 . 2010-05-04 20:16 ———— d——-w- c:\program files\ZaZ Gp4 tools
2010-06-23 18:34 . 2010-04-26 13:27 ———— d——-w- c:\program files\FreeTrack
2010-06-23 18:34 . 2010-05-03 13:11 ———— d——-w- c:\program files\Race2Play
2010-06-23 18:27 . 2010-06-08 12:24 ———— d——-w- c:\program files\ui
2010-06-23 18:12 . 2010-06-08 12:24 1733 ——a-w- c:\program files\gmax.ini
2010-06-23 11:51 . 2010-06-27 06:36 1238528 ——a-w- c:\windows\system32\zpeng25.dll
2010-06-23 11:51 . 2010-06-27 06:36 69120 ——a-w- c:\windows\system32\zlcomm.dll
2010-06-23 11:51 . 2010-06-27 06:36 103936 ——a-w- c:\windows\system32\zlcommdb.dll
2010-06-22 07:05 . 2010-04-25 19:18 ———— d——-w- c:\program files\FlightGear
2010-06-11 07:36 . 2010-06-08 12:50 64 ——a-w- c:\program files\maxscrpt.dsk
2010-06-11 07:17 . 2010-04-18 16:29 ———— d——-w- c:\program files\Common Files\Logishrd
2010-06-11 07:16 . 2010-04-18 12:38 ———— d——-w- c:\program files\Logitech
2010-06-11 07:13 . 2010-04-18 12:38 ———— d——-w- c:\program files\Common Files\Logitech
2010-06-11 07:11 . 2010-04-18 09:50 ———— d—h—w- c:\program files\InstallShield Installation Information
2010-06-11 07:02 . 2010-04-18 12:46 ———— d——-w- c:\documents and settings\Slawomir\Application Data\Logitech
2010-06-11 06:42 . 2010-04-26 08:16 ———— d——-w- c:\documents and settings\Slawomir\Application Data\WinPatrol
2010-06-09 14:42 . 2010-04-18 11:37 ———— d——-w- c:\program files\TeamSpeak 3 Client
2010-06-08 13:04 . 2010-06-08 13:03 359 ——a-w- c:\program files\gmax.log
2010-06-08 12:41 . 2010-06-08 12:24 ———— d——-w- c:\program files\autoback
2010-06-08 12:27 . 2010-06-08 12:26 ———— d——-w- c:\program files\PlugCFG
2010-06-08 12:26 . 2010-06-08 12:26 124 ——a-w- c:\program files\plugin.ini
2010-06-08 12:26 . 2010-06-08 12:26 ———— d——-w- c:\program files\Help
2010-06-04 09:07 . 2010-06-04 09:07 ———— d——-w- c:\documents and settings\All Users\Application Data\e-Safekey
2010-06-04 08:47 . 2010-04-18 11:44 ———— d——-w- c:\program files\Microsoft Silverlight
2010-06-04 07:58 . 2010-06-04 07:58 ———— d——-w- c:\documents and settings\All Users\Application Data\Synetic
2010-06-04 07:57 . 2010-06-04 07:56 ———— d——-w- c:\program files\Ferrari Virtual Race
2010-06-04 07:56 . 2010-06-04 07:54 ———— d——-w- c:\program files\BMW M3 Challenge
2010-06-03 15:15 . 2010-04-23 14:59 139920 ——a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-03 15:15 . 2010-05-14 19:34 214808 ——a-w- c:\windows\system32\PnkBstrB.exe
2010-06-03 14:38 . 2010-04-18 16:34 ———— d——-w- c:\program files\Electronic Arts
2010-06-02 09:06 . 2010-04-18 16:44 ———— d——-w- c:\documents and settings\Slawomir\Application Data\TS3Client
2010-06-02 08:34 . 2010-04-18 16:44 ———— d——-w- c:\documents and settings\All Users\Application Data\boost_interprocess
2010-06-02 02:55 . 2010-06-22 19:42 74072 ——a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-06-22 19:42 527192 ——a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-06-22 19:42 239960 ——a-w- c:\windows\system32\xactengine3_7.dll
2010-06-01 22:46 . 2010-06-01 22:46 ———— d——-w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-06-01 17:37 . 2010-04-18 11:34 221568 ———w- c:\windows\system32\MpSigStub.exe
2010-05-31 23:03 . 2010-05-31 23:03 ———— d——-w- c:\program files\IIS
2010-05-31 22:59 . 2010-04-18 11:42 ———— d——-w- c:\program files\Microsoft
2010-05-30 14:17 . 2010-05-29 11:52 ———— d——-w- c:\documents and settings\Slawomir\Application Data\FileZilla
2010-05-29 11:54 . 2010-04-26 08:16 ———— d——-w- c:\program files\FileZilla FTP Client
2010-05-28 10:58 . 2010-04-18 09:58 600680 ——a-w- c:\windows\system32\nvuninst.exe
2010-05-28 07:48 . 2010-04-18 16:28 ———— d—-a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-28 07:47 . 2010-04-18 11:49 ———— d——-w- c:\program files\SpywareBlaster
2010-05-28 07:09 . 2010-04-18 11:50 ———— d——-w- c:\program files\Malwarebytes’ Anti-Malware
2010-05-26 20:34 . 2010-05-26 20:34 ———— d——-w- c:\documents and settings\All Users\Application Data\Codemasters
2010-05-26 20:08 . 2010-04-18 13:57 ———— d——-w- c:\program files\McAfee
2010-05-26 19:56 . 2010-04-19 19:41 444952 ——a-w- c:\windows\system32\wrap_oal.dll
2010-05-26 19:56 . 2010-04-19 19:41 109080 ——a-w- c:\windows\system32\OpenAL32.dll
2010-05-26 19:56 . 2010-05-26 19:55 ———— d——-w- c:\program files\OpenAL 1.1 SDK
2010-05-26 09:41 . 2010-06-22 19:42 2106216 ——a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-06-22 19:42 1868128 ——a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 09:41 . 2010-06-22 19:42 248672 ——a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-06-22 19:42 470880 ——a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-06-22 19:42 1998168 ——a-w- c:\windows\system32\D3DX9_43.dll
2010-05-24 17:56 . 2010-05-24 17:56 ———— d——-w- c:\program files\Audacity 1.3
2010-05-24 14:58 . 2010-04-27 11:01 449044 ——a-w- c:\documents and settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-507921405-1647877149-1801674531-1003-0.dat
2010-05-24 14:58 . 2010-04-27 11:01 161034 ——a-w- c:\documents and settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2010-05-24 09:16 . 2010-05-10 12:22 ———— d——-w- c:\program files\BobsTrackBuilder
2010-05-24 08:35 . 2010-05-11 13:00 43520 ——a-w- c:\windows\system32\CmdLineExt03.dll
2010-05-19 20:04 . 2010-04-18 11:38 ———— d——-w- c:\documents and settings\Slawomir\Application Data\TeamViewer
2010-05-19 17:45 . 2010-05-19 17:14 ———— d——-w- c:\program files\ACW
2010-05-19 15:23 . 2010-05-19 15:23 ———— d——-w- c:\program files\ETRON
2010-05-19 10:36 . 2010-05-19 10:36 ———— d——-w- c:\program files\Microsoft XNA
2010-05-19 10:36 . 2010-05-19 10:36 ———— d——-w- c:\program files\VRhome
2010-05-17 19:25 . 2010-05-17 19:25 151552 ——a-w- c:\windows\system32\nvRegDev.dll
2010-05-16 11:06 . 2010-04-18 13:56 ———— d——-w- c:\program files\Common Files\Adobe
2010-05-14 21:30 . 2010-05-14 21:30 ———— d——-w- c:\program files\Supertintin for Skype
2010-05-14 21:13 . 2010-04-18 11:39 ———— d——-r- c:\program files\Skype
2010-05-14 21:13 . 2010-04-18 11:38 ———— d——-w- c:\documents and settings\All Users\Application Data\Skype
2010-05-14 21:13 . 2010-05-14 21:13 ———— d——-w- c:\program files\Common Files\Skype
2010-05-14 19:33 . 2010-05-14 19:33 ———— d——-w- c:\documents and settings\Slawomir\Application Data\Need for Speed World Online
2010-05-14 19:33 . 2010-05-14 19:33 ———— d——-w- c:\documents and settings\Slawomir\Application Data\Need for Speed World
2010-05-14 18:23 . 2010-04-26 08:12 ———— d——-w- c:\program files\Google
2010-05-13 19:38 . 2010-04-18 14:00 ———— d——-w- c:\documents and settings\Slawomir\Application Data\Winamp
.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
“{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}”= “c:\program files\ZoneAlarm\tbZone.dll” [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
2010-05-09 09:50 2517088 ——a-w- c:\program files\ZoneAlarm\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}”= “c:\program files\ZoneAlarm\tbZone.dll” [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
“{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}”= “c:\program files\ZoneAlarm\tbZone.dll” [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“msnmsgr”=“c:\program files\Windows Live\Messenger\msnmsgr.exe” [2009-07-26 3883856]
“SUPERAntiSpyware”=“c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe” [2010-07-02 2403568]
“LDM”=“c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe” [2010-04-18 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ehTray”=“c:\windows\ehome\ehtray.exe” [2005-08-05 64512]
“High Definition Audio Property Page Shortcut”=“HDAShCut.exe” [2004-10-27 61952]
“SoundMAXPnP”=“c:\program files\Analog Devices\Core\smax4pnp.exe” [2005-05-20 925696]
“avast5”=“c:\progra~1\ALWILS~1\Avast5\avastUI.exe” [2010-06-28 2837864]
“Windows Defender”=“c:\program files\Windows Defender\MSASCui.exe” [2006-11-03 866584]
“MSSE”=“c:\program files\Microsoft Security Essentials\msseces.exe” [2010-06-01 1093208]
“Start WingMan Profiler”=“c:\program files\Logitech\Gaming Software\LWEMon.exe” [2009-09-16 153608]
“Launch LgDeviceAgent”=“c:\program files\Logitech\GamePanel Software\LgDevAgt.exe” [2010-02-18 357448]
“Launch LCDMon”=“c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe” [2010-02-18 1573448]
“Launch LGDCore”=“c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe” [2010-02-18 3203144]
“HP Software Update”=“c:\program files\HP\HP Software Update\HPWuSchd2.exe” [2010-06-09 49208]
“LVCOMSX”=“c:\windows\system32\LVCOMSX.EXE” [2005-07-19 221184]
“WinPatrol”=“c:\program files\BillP Studios\WinPatrol\winpatrol.exe” [2010-05-31 323976]
“SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe” [2010-02-18 248040]
“EvtMgr6”=“c:\program files\Logitech\SetPointP\SetPoint.exe” [2010-05-18 1311312]
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2010-04-03 110696]
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2010-04-03 13670504]
“ZoneAlarm Client”=“c:\program files\Zone Labs\ZoneAlarm\zlclient.exe” [2010-06-23 1043968]
“ISW”=“c:\program files\CheckPoint\ZAForceField\ForceField.exe” [2010-05-26 730600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-14 15360]

c:\documents and settings\Slawomir\Start Menu\Programs\Startup\
Logitech . Produktregistrering.lnk - c:\program files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2010-4-18 450560]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
“{56F9679E-7826-4C84-81F3-532071A8BCC5}”= “c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll” [2009-05-24 304128]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “c:\program files\SUPERAntiSpyware\SASSEH.DLL” [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ——a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ——a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@=“Service”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=”“

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=“Service”

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Hurtig start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Hurtig start.lnk
backup=c:\windows\pss\HP Photosmart Premier Hurtig start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Slawomir^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Slawomir\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ——a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ——a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ——a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GAINWARD]
2009-10-05 16:03 2174976 ——a-w- c:\program files\EXPERTool\TBPANEL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-04-18 12:28 2938552 ——a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-11-07 12:31 21633320 ——a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\supertintin_skype]
2010-01-10 10:23 1045504 ——a-w- c:\program files\Supertintin for Skype\supertintin_skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
“DisableMonitoring”=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“EnableFirewall”= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\system32\\sessmgr.exe”=
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“c:\\Program Files\\Ventrilo\\Ventrilo.exe”=
“c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe”=
“c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe”=
“c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe”=
“c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe”=
“c:\\Program Files\\Opera\\opera.exe”=
“c:\\Program Files\\gamigo AG\\LevelR\\LevelR.bin”=
“c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe”=
“c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe”=
“c:\\Program Files\\Steam\\Steam.exe”=
“c:\\WINDOWS\\system32\\PnkBstrA.exe”=
“c:\\WINDOWS\\system32\\PnkBstrB.exe”=
“c:\\Program Files\\THQ\\Juiced2_HIN\\Juiced2_HIN.exe”=
“c:\\Program Files\\Steam\\steamapps\\weblife499\\race\\Race_Steam.exe”=
“c:\\Program Files\\TmNationsForever\\TmForever.exe”=
“c:\\Program Files\\rFactor\\rFactor.exe”=
“c:\\Program Files\\Codemasters\\GRID\\GRID.exe”=
“c:\\Program Files\\Steam\\steamapps\\xvid970\\condition zero\\hl.exe”=
“c:\\Program Files\\Steam\\steamapps\\xvid970\\counter-strike\\hl.exe”=
“c:\\Program Files\\Steam\\steamapps\\common\\shattered_horizon\\client_exe\\shattered_horizon.exe”=
“c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe”=
“c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe”=
“c:\\Program Files\\Autodesk\\Backburner\\monitor.exe”=
“c:\\Program Files\\Autodesk\\Backburner\\manager.exe”=
“c:\\Program Files\\Autodesk\\Backburner\\server.exe”=
“c:\\Program Files\\Skype\\Phone\\Skype.exe”=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“56189:TCP”= 56189:TCP:Pando Media Booster
“56189:UDP”= 56189:UDP:Pando Media Booster
“5985:TCP”= 5985:TCP:*:Disabled:Windows Remote Management

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [18-04-2010 13:14 165456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17-02-2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17-02-2010 11:15 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18-04-2010 13:14 17744]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [26-05-2010 15:35 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [26-05-2010 15:35 493032]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [18-04-2010 14:39 10448]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [18-04-2010 15:57 93320]
R2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [27-12-2007 15:39 51816]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [23-11-2009 17:37 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [18-04-2010 14:50 14856]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [18-04-2010 11:58 58600]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17-06-2009 14:20 12648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-03-2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26-04-2010 10:12 136176]
S2 LeverageService;LeverageService;c:\program files\Pragmatic Solutions Inc\LeverageService\LeverageService.exe [23-11-2009 15:25 44544]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03-11-2006 19:19 13592]
S3 adxapie;adxapie;\??\c:\docume~1\Slawomir\LOCALS~1\Temp\adxapie.sys—> c:\docume~1\Slawomir\LOCALS~1\Temp\adxapie.sys [?]
S3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [19-01-2010 17:49 55184]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17-02-2010 11:15 12872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [10-08-2004 14:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-03-2010 13:16 753504]
S4 0291061274904538mcinstcleanup;McAfee Application Installer Cleanup (0291061274904538);c:\windows\TEMP\029106~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service—> c:\windows\TEMP\029106~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [10-08-2004 14:00 14336]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [23-07-2009 05:08 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30-03-2009 03:09 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30-03-2009 03:23 366936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
Akamai REG_MULTI_SZ Akamai
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Indhold af mappen ‘Planlagte Opgaver’

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-26 08:12]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-26 08:12]

2010-07-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 19:40]

2010-07-08 c:\windows\Tasks\User_Feed_Synchronization-{E4293555-C6BF-4EB9-A6B0-8A404BA40440}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
———- Yderligere scanning———-
.
uStart Page = hxxp://www.google.dk/
uInternet Connection Wizard,ShellNext = iexplore
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/acti ... afekey.cab
FF - ProfilePath - c:\documents and settings\Slawomir\Application Data\Mozilla\Firefox\Profiles\w34m32jy.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Slawomir\Application Data\Mozilla\Firefox\Profiles\w34m32jy.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\NPJPI142_19.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

——FIREFOX POLITIKKER——
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“ui.use_native_colors”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.IDN.whitelist.lu”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.IDN.whitelist.nu”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.IDN.whitelist.nz”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.IDN.whitelist.xn--mgberp4a5d4ar”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.IDN.whitelist.xn--p1ai”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.IDN.whitelist.xn--mgbayh7gpa”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.IDN.whitelist.tel”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.auth.force-generic-ntlm”, false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.proxy.type”, 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“dom.ipc.plugins.timeoutSecs”, 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“svg.smil.enabled”, false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“accelerometer.enabled”, true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref(“security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref”, true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref(“security.ssl.renego_unrestricted_hosts”, “”);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref(“security.ssl.treat_unsafe_negotiation_as_broken”, false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref(“security.ssl.require_safe_negotiation”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref(“browser.fixup.alternate.suffix”, “.dk”);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name”, “chrome://browser/locale/browser.properties”);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description”, “chrome://browser/locale/browser.properties”);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“plugins.update.notifyUser”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“dom.ipc.plugins.enabled.nptest.dll”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“dom.ipc.plugins.enabled.npswf32.dll”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“dom.ipc.plugins.enabled.npctrl.dll”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“dom.ipc.plugins.enabled.npqtplugin.dll”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“dom.ipc.plugins.enabled”, false);
. - - - - TOMME GENVEJE FJERNET - - - -

HKLM-Run-nwiz - nwiz.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-08 21:27
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...


c:\windows\TEMP\TMP0000006B086C9B5EDF6B66CD 524288 bytes

scanning gennemført med succes
skjulte filer: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Akamai]
“ServiceDll”=“C:/Program Files/Common Files/Akamai/rswin_3725.dll”


[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MsDepSvc]
“ImagePath”=”\“c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\” -runService:MsDepSvc”

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Akamai]
“ServiceDll”=“C:/Program Files/Common Files/Akamai/rswin_3725.dll”
.——————————- LÅSTE REGISTRERINGS NØGLER——————————-

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@=“FlashBroker”
“LocalizedString”=”@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101”

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
“Enabled”=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@=“c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe”

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@=“IFlashBroker4”

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@=”{00020424-0000-0000-C000-000000000046}”

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
“Version”=“1.0”
.——————————- DLLs startet under kørende Processer——————————-

- - - - - - - > ‘winlogon.exe’(788)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

- - - - - - - > ‘lsass.exe’(844)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > ‘explorer.exe’(5060)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\docume~1\Slawomir\LOCALS~1\Temp\IadHide5.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.————————————Andre kørende processer————————————
. c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDMedia.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDClock.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDPop3.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDRSS.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
. **************************************************************************
. Gennemført tid: 2010-07-08 21:35:36 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-07-08 19:35

Pre-Kørsel: 131.367.288.832 bytes free
Post-Kørsel: 131.533.238.272 byte ledig

- - End Of File - - 405F54FB9A2A45DBDBC39BB44F8B9D86





Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:37:39, on 09-07-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Pragmatic Solutions Inc\LeverageService\LeverageService.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide
O4 - HKLM\..\Run: [MSSE] “c:\Program Files\Microsoft Security Essentials\msseces.exe” -hide -runkey
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Launch LgDeviceAgent] “C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe”
O4 - HKLM\..\Run: [Launch LCDMon] “C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe”
O4 - HKLM\..\Run: [Launch LGDCore] “C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe” /SHOWHIDE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
O4 - HKLM\..\Run: [ISW] “C:\Program Files\CheckPoint\ZAForceField\ForceField.exe” /icon=“hidden”
O4 - HKCU\..\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Startup: Logitech . Produktregistrering.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra ‘Tools’ menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6087.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1593759156
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/acti ... afekey.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bw+0 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: offline-8876480 - {C541EBC6-4638-4F16-826A-6AC9D6929352} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LeverageService - Unknown owner - C:\Program Files\Pragmatic Solutions Inc\LeverageService\LeverageService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


End of file - 25418 bytes
src
Active Member
 
Posts: 1
Joined: July 9th, 2010, 2:30 pm

Re: log chech

Unread postby MWR 3 day Mod » July 13th, 2010, 2:52 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: log chech

Unread postby NonSuch » July 15th, 2010, 2:10 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the "Infected? Virus, malware, adware, ransomware, oh my!" forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California

