sebastian_schelde (Beginner)
26 April 2006 - 15:46. There are 11 comments and 2 solutions.

Popup problem

Hi, for the past week I have been the victim of a real popup nightmare! Even when I don't visit a website, popups appear on my desktop, and if I am away from the computer for more than 10 minutes there are at least 20 popup windows I have to close. I have tried AdAware, Norton Antivirus and Windows Defender, but none of them has been able to remove the problem. Every time I use AdAware it finds a lot of items and deletes them, except this location: C:\WINDOWS\system32\j00slad71d9.dll

I have tried starting in safe mode; it doesn't work. What can I do?

tonnybrandt (Beginner)
26 April 2006 - 15:49 #1
Download and install this scanner:
http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Start the program and click Check for updates. When it has updated, close the program and restart in safe mode.

Start the program, click Scan your Computer, and tick the drives to be scanned.
(Fixed disk means hard disk)
Move the selection to Perform complete scan and click Next (Næste); the scan then runs.

When it has finished, a window with a summary appears. Click OK, then click Next (Næste) and then Finish (Udfør).

A window appears with Quarantine and removal Complete. Click OK, then click Finish (Udfør).
Close the program and restart normally.

Start the program again, click Preferences, switch to the Statistics/Logs tab, and in the window double-click SUPERAntiSpyware Scan Log. It opens in Notepad; copy the result in here.

tonnybrandt (Beginner)
26 April 2006 - 15:52 #2
Then download this tool: http://www.spywarefri.dk/downloads1/hijackthis.exe and save it to the desktop.
Double-click HiJackThis and choose the top menu item, the one for making a log.
Then copy the log in here, so we can see whether we got all of it.

You must NOT do anything in HiJackThis other than copy the log in here.

HiJackThis shows both dirty and legitimate things!

sebastian_schelde (Beginner)
26 April 2006 - 16:45 #3
SUPERAntiSpyware Scan Log
Generated 04/26/2006 at 04:38 PM

Core Rules Database Version : 2895
Trace Rules Database Version: 1037

Memory threats detected  : 0
Registry threats detected : 21
File threats detected    : 102

Trojan.WinSysBan
    [mousepad] C:\windows\mousepad12.exe
    C:\windows\mousepad12.exe

Trojan.MC Downloader Variant
    [DNS] C:\Programmer\Fælles filer\mc-110-12-0000137.exe
    C:\Programmer\Fælles filer\mc-110-12-0000137.exe
    C:\WINDOWS\Prefetch\MC-110-12-0000137.EXE-15E91A77.pf

Adware.Shorty
    HKLM\Software\Classes\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884}
    HKCR\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884}
    HKCR\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884}
    HKCR\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884}\InprocServer32
    HKCR\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884}\InprocServer32#ThreadingModel
    HKCR\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884}\ProgID
    HKCR\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884}\Programmable
    HKCR\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884}\TypeLib
    HKCR\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884}\VersionIndependentProgID
    C:\Programmer\DNS\Catcher.dll

Adware.Tracking Cookie
    C:\Documents and Settings\Ejer\Cookies\ejer@atdmt[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@adtech[2].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@a[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@ads.itv[2].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@revsci[2].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@2o7[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@www.hatstats[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@e2.emediate[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@ads.arto[2].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@exitexchange[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@www.pacificpoker[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@adultfriendfinder[2].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@888[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@m1.webstats4u[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@cassava[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@cgi-bin[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@www.winantiviruspro[2].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@stats1.reliablestats[2].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@89539488[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@adopt.hbmediapro[2].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@a.websponsors[2].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@www.888[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@cpvfeed[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@rotator.adjuggler[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@www.popupsandbanners[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@ads.tbs[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@clicktorrent[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@www.xctrk[2].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@mediaplex[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@ad1.emediate[2].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@ad.yieldmanager[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@www.winantivirus[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@tacoda[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@yieldmanager[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@track.adform[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@msninvite.112.2o7[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@ilead.itrack[2].txt
    C:\Documents and Settings\Ejer\Lokale indstillinger\Temp\Cookies\ejer@ad.yieldmanager[1].txt
    C:\Documents and Settings\Ejer\Lokale indstillinger\Temp\Cookies\ejer@ad.zanox[1].txt
    C:\Documents and Settings\Ejer\Lokale indstillinger\Temp\Cookies\ejer@ad1.emediate[2].txt
    C:\Documents and Settings\Ejer\Lokale indstillinger\Temp\Cookies\ejer@banner.cdpoker[1].txt
    C:\Documents and Settings\Ejer\Lokale indstillinger\Temp\Cookies\ejer@cpvfeed[2].txt
    C:\Documents and Settings\Ejer\Lokale indstillinger\Temp\Cookies\ejer@login.tracking101[2].txt
    C:\Documents and Settings\Ejer\Lokale indstillinger\Temp\Cookies\ejer@microsofteup.112.2o7[1].txt
    C:\Documents and Settings\Ejer\Lokale indstillinger\Temp\Cookies\ejer@stats1.reliablestats[1].txt
    C:\Documents and Settings\Ejer\Lokale indstillinger\Temp\Cookies\ejer@www.popupsandbanners[1].txt
    C:\Documents and Settings\Ejer\Lokale indstillinger\Temp\Cookies\ejer@www.winantiviruspro[2].txt
    C:\Documents and Settings\Ejer\Lokale indstillinger\Temp\Cookies\ejer@www.winantivirus[1].txt
    C:\Documents and Settings\Ejer\Lokale indstillinger\Temp\Cookies\ejer@xiti[1].txt
    C:\WINDOWS\Temp\Cookies\ejer@ad.yieldmanager[2].txt
    C:\WINDOWS\Temp\Cookies\ejer@cpvfeed[2].txt
    C:\WINDOWS\Temp\Cookies\ejer@stats1.reliablestats[2].txt
    C:\WINDOWS\Temp\Cookies\ejer@www.winantivirus[1].txt

Trojan.NetMon/DNSChange
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR#NextInstance
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Service
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Legacy
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ConfigFlags
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Class
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ClassGUID
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#DeviceDesc

Trojan.ZQuest
    C:\WINDOWS\dh.ini

Browser Hijacker.Internet Explorer Settings Hijack
    HKU\S-1-5-21-1060284298-1343024091-839522115-1003\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main#Default_Search_URL [ http://searchbar.findthewebsiteyouneed.com ]

Adware.eXact Advertising
    C:\Programmer\BE Network\bin\context.exe
    C:\Programmer\BE Network\bin\slidev.exe
    C:\Programmer\BE Network\Uninstall.exe

Trojan.SERVICES
    C:\Programmer\Fælles filer\services.exe

Adware.NicTech Networks
    C:\RECYCLER\NPROTECT\00003319.DLL
    C:\RECYCLER\NPROTECT\00003320.DLL
    C:\RECYCLER\NPROTECT\00003325.dll
    C:\RECYCLER\NPROTECT\00003327.DLL
    C:\RECYCLER\NPROTECT\00003365.DLL
    C:\RECYCLER\NPROTECT\00003605.DLL
    C:\RECYCLER\NPROTECT\00003768.DLL
    C:\RECYCLER\NPROTECT\00003770.DLL
    C:\RECYCLER\NPROTECT\00003778.dll
    C:\RECYCLER\NPROTECT\00003779.DLL
    C:\RECYCLER\NPROTECT\00003782.DLL
    C:\RECYCLER\NPROTECT\00004210.DLL
    C:\RECYCLER\NPROTECT\00004212.DLL
    C:\RECYCLER\NPROTECT\00004220.dll
    C:\RECYCLER\NPROTECT\00004221.DLL
    C:\RECYCLER\NPROTECT\00004223.DLL
    C:\RECYCLER\NPROTECT\00004251.DLL
    C:\RECYCLER\NPROTECT\00004253.DLL
    C:\RECYCLER\NPROTECT\00004282.dll
    C:\RECYCLER\NPROTECT\00004283.DLL
    C:\RECYCLER\NPROTECT\00004285.DLL
    C:\RECYCLER\NPROTECT\00004346.DLL
    C:\RECYCLER\NPROTECT\00004348.DLL
    C:\RECYCLER\NPROTECT\00004355.dll
    C:\RECYCLER\NPROTECT\00004356.DLL
    C:\RECYCLER\NPROTECT\00004358.DLL
    C:\RECYCLER\NPROTECT\00004378.DLL
    C:\RECYCLER\NPROTECT\00004380.DLL
    C:\RECYCLER\NPROTECT\00004386.dll
    C:\RECYCLER\NPROTECT\00004388.DLL
    C:\RECYCLER\NPROTECT\00004390.DLL
    C:\RECYCLER\NPROTECT\00004417.dll
    C:\WINDOWS\system32\dtnlobby.dll
    C:\WINDOWS\system32\f4j20e1oeh.dll
    C:\WINDOWS\system32\guard.tmp
    C:\WINDOWS\system32\MAC71CHS.DLL
    C:\WINDOWS\system32\sbldivx.dll
    C:\WINDOWS\system32\stlgntfy.dll
    C:\WINDOWS\system32\syftpub.dll

Adware.ClickSpring/PuritySCAN
    C:\WINDOWS\system32\wapicc.exe

sebastian_schelde (Beginner)
26 April 2006 - 16:46 #4
Logfile of HijackThis v1.99.1
Scan saved at 16:46:50, on 26-04-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Network\ipnetwork.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Ejer\Lokale indstillinger\Temporary Internet Files\Content.IE5\QDORI9A5\hijackthis[1].exe
C:\Programmer\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Programmer\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmer\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard12.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname12.exe
O4 - HKLM\..\Run: [IpNetwork] C:\Programmer\Network\ipnetwork.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Programmer\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\g4lm0e31eh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\mlxmlr.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmer\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe

sebastian_schelde (Beginner)
26 April 2006 - 16:47 #5
Well, what can you make of it? So far I haven't had a single popup.. it's fantastic! I'll give it 5 more minutes, and if you also think the two logs look good, you can have the points!

tonnybrandt (Beginner)
26 April 2006 - 16:56 #6
I'll just take a look at it ... It is at least not completely clean yet.

tonnybrandt (Beginner)
26 April 2006 - 17:00 #7
Restart the PC in safe mode. Press F8 during startup.

Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, click Fix checked, then delete the folders and files listed at the bottom.
Double-check that everything is included.

O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard12.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname12.exe
O4 - HKLM\..\Run: [IpNetwork] C:\Programmer\Network\ipnetwork.exe
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\g4lm0e31eh.dll (file missing)
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\mlxmlr.dll (file missing)

---------------------------------------
Deleting files and folders:
(Some may have been deleted by the scan, others by HiJackThis, so if you cannot find a file, just move on and look for the next file)
-------------------
Folders:
C:\Programmer\Network

Files:
C:\windows\keyboard12.exe
C:\windows\newname12.exe
C:\WINDOWS\system32\g4lm0e31eh.dll
C:\WINDOWS\system32\mlxmlr.dll

Restart normally and post a new log for checking.

sebastian_schelde (Beginner)
26 April 2006 - 17:14 #8
Logfile of HijackThis v1.99.1
Scan saved at 17:11:40, on 26-04-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Ejer\Skrivebord\hijackthis.exe
C:\Programmer\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Programmer\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmer\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Programmer\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmer\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe



I found files called keyboard121.exe and keyboard11.exe, but not exactly the names that were listed.. I deleted the Network folder

tonnybrandt (Beginner)
26 April 2006 - 18:03 #9
You did everything exactly right. The log is clean :)

How is the PC running?
Any popups or anything else that cannot be seen from the log?
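
The before/after check done by eye in this thread (the entries listed in #7 should be gone from the log in #8), as an added Python example that is not part of the original posts. The log excerpts are a few lines copied from the two HijackThis logs above; `parse_log` and `verify_cleanup` are names made up for this example.

```python
import re

# Excerpts copied from the two HijackThis logs in this thread (trimmed).
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 16:46:50, on 26-04-2006

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Programmer\Network\ipnetwork.exe
C:\WINDOWS\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard12.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname12.exe
O4 - HKLM\..\Run: [IpNetwork] C:\Programmer\Network\ipnetwork.exe
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\g4lm0e31eh.dll (file missing)
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\mlxmlr.dll (file missing)
"""
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 17:11:40, on 26-04-2006

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
"""
# The lines and the folder listed in post #7.
FIX_LIST = r"""O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard12.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname12.exe
O4 - HKLM\..\Run: [IpNetwork] C:\Programmer\Network\ipnetwork.exe
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\g4lm0e31eh.dll (file missing)
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\mlxmlr.dll (file missing)
"""
DELETED_FOLDERS = [r"C:\Programmer\Network"]

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "O4 - ...", "R0 - ..."

def parse_log(text):
    """Return (running process paths, {(section, body): original line})."""
    processes, entries, in_procs = set(), {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            # Windows paths are case-insensitive, so compare in lower case.
            entries[(m.group(1), m.group(2).lower())] = line
        elif in_procs and line:
            processes.add(line.lower())
        elif not line:
            in_procs = False  # the blank line ends the process list
    return processes, entries

def verify_cleanup(before, after, fix_list, deleted_folders):
    """Compare two logs against the list of entries that were to be fixed."""
    _, b = parse_log(before)
    a_procs, a = parse_log(after)
    _, wanted = parse_log(fix_list)
    bk, ak, wk = set(b), set(a), set(wanted)
    folders = [f.lower().rstrip("\\") + "\\" for f in deleted_folders]
    return {
        # fix-list lines that never appeared in the first log (copy errors)
        "fix_lines_not_in_before": [wanted[k] for k in sorted(wk - bk)],
        # entries that survived the fix and are still registered
        "still_registered": [a[k] for k in sorted(wk & ak)],
        # entries that vanished although nobody asked for their removal
        "removed_but_not_requested": [b[k] for k in sorted(bk - ak - wk)],
        # entries that showed up between the two scans
        "new_entries": [a[k] for k in sorted(ak - bk)],
        # processes still running from a folder that should be gone
        "still_running": sorted(p for p in a_procs
                                if any(p.startswith(f) for f in folders)),
    }

if __name__ == "__main__":
    for key, items in verify_cleanup(BEFORE_LOG, AFTER_LOG, FIX_LIST,
                                     DELETED_FOLDERS).items():
        print(f"{key}: {items or 'none'}")
```

A HijackThis log only lists autostart registrations and running processes, so this check says nothing about leftover files on disk that are no longer referenced.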

sebastian_schelde (Beginner)
26 April 2006 - 18:04 #10
It is running optimally again, many thanks for the help!

tonnybrandt (Beginner)
26 April 2006 - 18:07 #11
You're welcome :)

You can close the question by selecting my name over on the left and then clicking accept *s*

sebastian_schelde (Beginner)
26 April 2006 - 18:58 #12
Done :D

tonnybrandt (Beginner)
26 April 2006 - 19:07 #13
Thanks for the points :)