View Full Version : malware removal help needed, please



Escalus
2008-03-15, 00:16
The problem started after some kind of video codec was run.
Every time IE starts, the following message pops up:
your computer was infected by unknown trojan.
It's dangerous for your system (critical files can be lost)!

Have followed instructions in "BEFORE you POST".

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, March 14, 2008 10:25:13 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/03/2008
Kaspersky Anti-Virus database records: 630142
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 70867
Number of viruses found: 3
Number of infected objects: 9
Number of suspicious objects: 0
Duration of the scan process: 01:12:21

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Thomas Lund Chandler\Lokale indstillinger\Temp\mirc631.exe/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\Documents and Settings\Thomas Lund Chandler\Lokale indstillinger\Temp\mirc631.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\Documents and Settings\Thomas Lund Chandler\Lokale indstillinger\Temp\mirc631.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Thomas Lund Chandler\Lokale indstillinger\Temporary Internet Files\Content.IE5\J4W1D2KF\SmitfraudFix[1].exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Thomas Lund Chandler\Lokale indstillinger\Temporary Internet Files\Content.IE5\J4W1D2KF\SmitfraudFix[1].exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Thomas Lund Chandler\Lokale indstillinger\Temporary Internet Files\Content.IE5\J4W1D2KF\SmitfraudFix[1].exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Thomas Lund Chandler\Skrivebord\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\RECYCLER\S-1-5-21-515967899-1214440339-725345543-1004\Dc25.exe Infected: Trojan-Downloader.Win32.Flux.ei skipped
C:\System Volume Information\_restore{D1EFEDF8-9097-41D4-AE86-6F52999A6E21}\RP96\A0013902.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped

Scan process completed.

Escalus
2008-03-15, 00:19
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:59:25, on 14-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmer\fælles filer\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\McAfee\Common Framework\UdaterUI.exe
C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmer\Logitech\QuickCam10\QuickCam10.exe
C:\Programmer\Fælles filer\Logitech\LComMgr\LVComSX.exe
C:\Programmer\McAfee\Common Framework\McTray.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Fælles filer\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmer\McAfee\Common Framework\FrameworkService.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Programmer\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hattrick.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmer\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Media Player - {8388F272-9EDA-4F4E-88FD-4711CBA4BA2B} - C:\WINDOWS\wmpdxm.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmer\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmer\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmer\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programmer\Fælles filer\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://www.maxbank.dk
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u5-windows-i586-jc.cab
O18 - Protocol: bw+0 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Escalus
2008-03-15, 00:21
O18 - Protocol: bwo0s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E60F053C-1AF2-48D8-8F47-0670C66ABB10} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmer\fælles filer\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Programmer\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programmer\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programmer\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 21321 bytes



Sorry about the split, the text was too long.