jannrc (Beginner)
18 May 2007 - 21:23 There are 11 comments

w32/virtumonde.gdi

Here is the log file

Logfile of HijackThis v1.99.1
Scan saved at 21:22:42, on 18-05-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Programmer\TDCpakke\npm\bin\nvoy.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Programmer\TDCpakke\npf\bin\npfsvc32.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\System32\SCardSvr.exe
H:\WINDOWS\Explorer.EXE
H:\Programmer\TDCpakke\Npm\Bin\Zanda.exe
H:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
H:\Programmer\TDCpakke\npm\bin\ZLH.EXE
H:\WINDOWS\system32\ctfmon.exe
H:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
H:\Programmer\TDCpakke\npc\bin\npcsvc32.exe
H:\Programmer\TDCpakke\npm\bin\NJEEVES.EXE
H:\Programmer\TDCpakke\npc\bin\nuaa.exe
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\System32\alg.exe
H:\Programmer\TDCpakke\nvc\BIN\NIP.EXE
H:\Programmer\Internet Explorer\iexplore.exe
H:\Programmer\TDCpakke\nvc\bin\nvcoas.exe
H:\Programmer\TDCpakke\nvc\bin\cclaw.exe
H:\Programmer\TDCpakke\nvc\bin\nvcod.exe
H:\Programmer\TDCpakke\npm\bin\NREN.EXE
H:\Documents and Settings\Administrator\Skrivebord\Hijackthis\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tdconline.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=H:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} - H:\WINDOWS\system32\ljjjijh.dll
O2 - BHO: (no name) - {5A752A67-39C5-4EA3-9825-E0D61EB523DA} - H:\WINDOWS\system32\ljjhh.dll
O4 - HKLM\..\Run: [RemoteControl] H:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Norman ZANDA] H:\Programmer\TDCpakke\npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] H:\Programmer\TDCpakke\npc\bin\npc_tray.exe /LOAD
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - Startup: RegistryDefender.lnk = H:\Programmer\Registry Defender\RegistryDefender.exe
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = H:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://H:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\programmer\tdcpakke\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: h:\programmer\tdcpakke\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: h:\programmer\tdcpakke\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: h:\programmer\tdcpakke\npc\bin\nlf.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - H:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179372527022
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FA63CC8-4BC8-43A1-82E6-AB54D80AF1A8}: NameServer = 194.239.134.83,193.162.153.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - H:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - H:\PROGRA~1\FLLESF~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: ljjhh - H:\WINDOWS\system32\ljjhh.dll
O20 - Winlogon Notify: ljjjijh - H:\WINDOWS\SYSTEM32\ljjjijh.dll
O23 - Service: Norman NJeeves - Unknown owner - H:\Programmer\TDCpakke\npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - H:\Programmer\TDCpakke\Npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - H:\Programmer\TDCpakke\npc\bin\npcsvc32.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - H:\Programmer\TDCpakke\npf\bin\npfsvc32.exe
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - H:\Programmer\TDCpakke\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - H:\Programmer\TDCpakke\nvc\bin\nvcoas.exe
O23 - Service: Norman V.O.Y. (NVOY) - Norman ASA - H:\Programmer\TDCpakke\npm\bin\nvoy.exe
18 May 2007 - 21:35 #1
Download this fix to the root directory of your computer (usually c:\):
http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to run it. Click the "Scan for Vundo" button. When the program has finished scanning, click the "Remove Vundo" button.

You will then be asked whether you are sure you want to remove the files. Click "Yes" here. Your desktop will then go blank, and the fix will try to remove Vundo. When it is done, the tool will ask for permission to restart the computer. You should accept that.

Then restart the computer and create a new log with HJT, which you post here. Also post the contents of this file here: C:\vundofix.txt

Note: It is possible that on the first scan VundoFix finds a file that it cannot remove at first. VundoFix will then restart and continue after the restart. If this happens, just follow the instructions above after the restart (starting with "Click the Scan for Vundo button").
jannrc (Beginner)
19 May 2007 - 05:50 #2
Hi, that did not go well.
See the log file

Logfile of HijackThis v1.99.1
Scan saved at 05:47:35, on 19-05-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Programmer\TDCpakke\npm\bin\nvoy.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Programmer\TDCpakke\npf\bin\npfsvc32.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\System32\SCardSvr.exe
H:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
H:\Programmer\TDCpakke\npm\bin\ZLH.EXE
H:\WINDOWS\system32\ctfmon.exe
H:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
H:\Programmer\TDCpakke\Npm\Bin\Zanda.exe
H:\Programmer\TDCpakke\npc\bin\npcsvc32.exe
H:\Programmer\TDCpakke\npm\bin\NJEEVES.EXE
H:\Programmer\TDCpakke\npc\bin\nuaa.exe
H:\WINDOWS\System32\alg.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Programmer\TDCpakke\nvc\BIN\NIP.EXE
H:\WINDOWS\system32\msiexec.exe
H:\Documents and Settings\Administrator\Skrivebord\Hijackthis\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tdconline.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=H:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} - H:\WINDOWS\system32\ljjjijh.dll
O2 - BHO: (no name) - {C7B05C97-07F6-4AC2-B464-04F8B06D1CD4} - H:\WINDOWS\system32\ljjhh.dll
O4 - HKLM\..\Run: [RemoteControl] H:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Norman ZANDA] H:\Programmer\TDCpakke\npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] H:\Programmer\TDCpakke\npc\bin\npc_tray.exe /LOAD
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - Startup: RegistryDefender.lnk = H:\Programmer\Registry Defender\RegistryDefender.exe
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = H:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://H:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\programmer\tdcpakke\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: h:\programmer\tdcpakke\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: h:\programmer\tdcpakke\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: h:\programmer\tdcpakke\npc\bin\nlf.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - H:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179372527022
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FA63CC8-4BC8-43A1-82E6-AB54D80AF1A8}: NameServer = 194.239.134.83,193.162.153.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - H:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - H:\PROGRA~1\FLLESF~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: ljjhh - H:\WINDOWS\system32\ljjhh.dll
O20 - Winlogon Notify: ljjjijh - H:\WINDOWS\SYSTEM32\ljjjijh.dll
O23 - Service: Norman NJeeves - Unknown owner - H:\Programmer\TDCpakke\npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - H:\Programmer\TDCpakke\Npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - H:\Programmer\TDCpakke\npc\bin\npcsvc32.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - H:\Programmer\TDCpakke\npf\bin\npfsvc32.exe
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - H:\Programmer\TDCpakke\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - H:\Programmer\TDCpakke\nvc\bin\nvcoas.exe
O23 - Service: Norman V.O.Y. (NVOY) - Norman ASA - H:\Programmer\TDCpakke\npm\bin\nvoy.exe
jannrc (Beginner)
19 May 2007 - 06:35 #3
Here is the VundoFix log file


VundoFix V6.3.23

Checking Java version...

Sun Java not detected
Scan started at 06:17:57 19-05-2007

Listing files found while scanning....

H:\WINDOWS\system32\hhjjl.ini
H:\WINDOWS\system32\ljjhh.dll
H:\WINDOWS\system32\ljjjijh.dll

Beginning removal...

Attempting to delete H:\WINDOWS\system32\hhjjl.ini
H:\WINDOWS\system32\hhjjl.ini Has been deleted!

Attempting to delete H:\WINDOWS\system32\ljjhh.dll
H:\WINDOWS\system32\ljjhh.dll Could not be deleted.

Attempting to delete H:\WINDOWS\system32\ljjjijh.dll
H:\WINDOWS\system32\ljjjijh.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete H:\WINDOWS\system32\hhjjl.ini
H:\WINDOWS\system32\hhjjl.ini Has been deleted!

Attempting to delete H:\WINDOWS\system32\ljjhh.dll
H:\WINDOWS\system32\ljjhh.dll Could not be deleted.

Attempting to delete H:\WINDOWS\system32\ljjjijh.dll
H:\WINDOWS\system32\ljjjijh.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.3.23

Checking Java version...

Sun Java not detected
Scan started at 06:26:02 19-05-2007

Listing files found while scanning....

H:\WINDOWS\system32\hhjjl.ini
H:\WINDOWS\system32\ljjhh.dll
H:\WINDOWS\system32\ljjjijh.dll

Beginning removal...

Attempting to delete H:\WINDOWS\system32\hhjjl.ini
H:\WINDOWS\system32\hhjjl.ini Has been deleted!

Attempting to delete H:\WINDOWS\system32\ljjhh.dll
H:\WINDOWS\system32\ljjhh.dll Could not be deleted.

Attempting to delete H:\WINDOWS\system32\ljjjijh.dll
H:\WINDOWS\system32\ljjjijh.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Best regards
Jan
19 May 2007 - 10:04 #4
HJT log AFTER VundoFix?

There is a bit more still ... coming later...
jannrc (Beginner)
19 May 2007 - 14:47 #5
Here is the HJT log after VundoFix
Logfile of HijackThis v1.99.1
Scan saved at 14:44:33, on 19-05-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Programmer\TDCpakke\npm\bin\nvoy.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Programmer\TDCpakke\npf\bin\npfsvc32.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\System32\SCardSvr.exe
H:\WINDOWS\Explorer.EXE
H:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
H:\Programmer\TDCpakke\npm\bin\ZLH.EXE
H:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
H:\Programmer\TDCpakke\Npm\Bin\Zanda.exe
H:\Programmer\TDCpakke\npc\bin\npcsvc32.exe
H:\Programmer\TDCpakke\npm\bin\NJEEVES.EXE
H:\Programmer\TDCpakke\npc\bin\nuaa.exe
H:\WINDOWS\System32\alg.exe
H:\Programmer\TDCpakke\nvc\BIN\NIP.EXE
H:\Programmer\TDCpakke\npf\bin\npfuser.exe
H:\Documents and Settings\Administrator\Skrivebord\VundoFix.exe
H:\Programmer\TDCpakke\nvc\bin\nvcoas.exe
H:\Programmer\TDCpakke\nvc\bin\cclaw.exe
H:\Programmer\Internet Explorer\iexplore.exe
H:\Documents and Settings\Administrator\Skrivebord\Hijackthis\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tdconline.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=H:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {3C473414-674F-4928-B9D9-26BFB8FD647B} - H:\WINDOWS\system32\ljjhh.dll
O2 - BHO: (no name) - {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} - H:\WINDOWS\system32\ljjjijh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [RemoteControl] H:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Norman ZANDA] H:\Programmer\TDCpakke\npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] H:\Programmer\TDCpakke\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - Startup: RegistryDefender.lnk = H:\Programmer\Registry Defender\RegistryDefender.exe
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = H:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://H:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\programmer\tdcpakke\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: h:\programmer\tdcpakke\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: h:\programmer\tdcpakke\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: h:\programmer\tdcpakke\npc\bin\nlf.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - H:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179372527022
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FA63CC8-4BC8-43A1-82E6-AB54D80AF1A8}: NameServer = 194.239.134.83,193.162.153.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - H:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - H:\PROGRA~1\FLLESF~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: ljjhh - H:\WINDOWS\system32\ljjhh.dll
O20 - Winlogon Notify: ljjjijh - H:\WINDOWS\SYSTEM32\ljjjijh.dll
O23 - Service: Norman NJeeves - Unknown owner - H:\Programmer\TDCpakke\npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - H:\Programmer\TDCpakke\Npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - H:\Programmer\TDCpakke\npc\bin\npcsvc32.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - H:\Programmer\TDCpakke\npf\bin\npfsvc32.exe
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - H:\Programmer\TDCpakke\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - H:\Programmer\TDCpakke\nvc\bin\nvcoas.exe
O23 - Service: Norman V.O.Y. (NVOY) - Norman ASA - H:\Programmer\TDCpakke\npm\bin\nvoy.exe


Best regards
Jan
jannrc (Beginner)
19 May 2007 - 18:16 #6
Hi, I have run combofix.exe; it took care of a lot of it. Here is a new HJT
Logfile of HijackThis v1.99.1
Scan saved at 18:10:58, on 19-05-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Programmer\TDCpakke\npm\bin\nvoy.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Programmer\TDCpakke\npf\bin\npfsvc32.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\System32\SCardSvr.exe
H:\Programmer\TDCpakke\Npm\Bin\Zanda.exe
H:\Programmer\TDCpakke\npm\bin\NJEEVES.EXE
H:\Programmer\TDCpakke\npc\bin\npcsvc32.exe
H:\Programmer\TDCpakke\nvc\bin\nvcoas.exe
H:\Programmer\TDCpakke\npc\bin\nuaa.exe
H:\WINDOWS\System32\alg.exe
H:\Programmer\TDCpakke\npf\bin\npfuser.exe
H:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
H:\Programmer\TDCpakke\npm\bin\ZLH.EXE
H:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Programmer\TDCpakke\nvc\BIN\NIP.EXE
H:\Programmer\TDCpakke\nvc\bin\cclaw.exe
H:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
H:\WINDOWS\explorer.exe
H:\Documents and Settings\Administrator\Skrivebord\Hijackthis\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tdconline.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [RemoteControl] H:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Norman ZANDA] H:\Programmer\TDCpakke\npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] H:\Programmer\TDCpakke\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - Startup: RegistryDefender.lnk = H:\Programmer\Registry Defender\RegistryDefender.exe
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = H:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://H:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\programmer\tdcpakke\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: h:\programmer\tdcpakke\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: h:\programmer\tdcpakke\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: h:\programmer\tdcpakke\npc\bin\nlf.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - H:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179372527022
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FA63CC8-4BC8-43A1-82E6-AB54D80AF1A8}: NameServer = 194.239.134.83,193.162.153.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - H:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - H:\PROGRA~1\FLLESF~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Norman NJeeves - Unknown owner - H:\Programmer\TDCpakke\npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - H:\Programmer\TDCpakke\Npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - H:\Programmer\TDCpakke\npc\bin\npcsvc32.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - H:\Programmer\TDCpakke\npf\bin\npfsvc32.exe
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - H:\Programmer\TDCpakke\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - H:\Programmer\TDCpakke\nvc\bin\nvcoas.exe
O23 - Service: Norman V.O.Y. (NVOY) - Norman ASA - H:\Programmer\TDCpakke\npm\bin\nvoy.exe


I hope you will take a look at it.

Regards
Jan
20 May 2007 - 10:40 #7
Yep - [combofix.exe] would also have been my next weapon *S* FINE then...

Just a little cleanup left ->

Run a scan with HijackThis.
Below you get some files that you need to fix. What you need to do is put a check mark next to these files. When you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Also remember to close this window once you have marked the files. Now you may fix. Click Fix checked.

These are the ones to be fixed:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O10 - Unknown file in Winsock LSP: h:\programmer\tdcpakke\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: h:\programmer\tdcpakke\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: h:\programmer\tdcpakke\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: h:\programmer\tdcpakke\npc\bin\nlf.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - H:\Programmer\Yahoo!\Common\yinsthelper.dll

Restart normally

------------------------------------------------------------------------

Registry cleanup is recommended ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (especially the item [Problemer]...)
During installation you will be offered [Yahoo Toolbar]. You can say yes or no to it.

------------------------------------------------------------------------

How is the PC running now?
jannrc (Beginner)
20 May 2007 - 14:28 #8
It is running just great again, lovely. How do I give you your 200 points? I have never tried that before.

Logfile of HijackThis v1.99.1
Scan saved at 14:25:42, on 20-05-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Programmer\TDCpakke\npm\bin\nvoy.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Programmer\TDCpakke\npf\bin\npfsvc32.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\System32\SCardSvr.exe
H:\Programmer\TDCpakke\Npm\Bin\Zanda.exe
H:\Programmer\TDCpakke\npm\bin\NJEEVES.EXE
H:\Programmer\TDCpakke\npc\bin\npcsvc32.exe
H:\Programmer\TDCpakke\nvc\bin\nvcoas.exe
H:\Programmer\TDCpakke\npc\bin\nuaa.exe
H:\WINDOWS\System32\alg.exe
H:\Programmer\TDCpakke\npf\bin\npfuser.exe
H:\WINDOWS\Explorer.EXE
H:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
H:\Programmer\TDCpakke\npm\bin\ZLH.EXE
H:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
H:\Programmer\TDCpakke\nvc\BIN\NIP.EXE
H:\Programmer\TDCpakke\nvc\bin\cclaw.exe
H:\Documents and Settings\Administrator\Skrivebord\Hijackthis\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tdconline.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [RemoteControl] H:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Norman ZANDA] H:\Programmer\TDCpakke\npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] H:\Programmer\TDCpakke\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - Startup: RegistryDefender.lnk = H:\Programmer\Registry Defender\RegistryDefender.exe
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = H:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://H:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179372527022
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FA63CC8-4BC8-43A1-82E6-AB54D80AF1A8}: NameServer = 194.239.134.83,193.162.153.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - H:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - H:\PROGRA~1\FLLESF~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Norman NJeeves - Unknown owner - H:\Programmer\TDCpakke\npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - H:\Programmer\TDCpakke\Npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - H:\Programmer\TDCpakke\npc\bin\npcsvc32.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - H:\Programmer\TDCpakke\npf\bin\npfsvc32.exe
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - H:\Programmer\TDCpakke\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - H:\Programmer\TDCpakke\nvc\bin\nvcoas.exe
O23 - Service: Norman V.O.Y. (NVOY) - Norman ASA - H:\Programmer\TDCpakke\npm\bin\nvoy.exe

Best regards
Jan
20 May 2007 - 14:58 #9
There is no more 'dirt' according to your log...

You are welcome to come back another time...

You should clean temp with this file; it only takes a few seconds.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

After a round like this it is always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer - enable System Restore. This is done in the same place where you disabled it; this time you just need to enable it.
It is also a good idea to manually create a new restore point, which you can name and return to if you should run into problems of any kind.

You will find a couple of articles on safe surfing here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...

-----------------------------------------------

http://expfaq.1go.dk/?id=3#behandling_af_svar
23 May 2007 - 16:45 #10
30 May 2007 - 18:03 #11
Ping...