inari, Beginner
13 June 2007 - 20:51 There are 11 comments

HijackThis log for review

Would anyone mind checking my HijackThis log? The computer is running _very_ slowly and my MSN is sending strange messages with links to Polish/Russian websites to my contacts..

Logfile of HijackThis v1.99.1
Scan saved at 20:44:28, on 13-06-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\dpl1npwm.exe
C:\WINDOWS\System32\pgpswuau.exe
C:\WINDOWS\trgtapi86.exe
C:\DOCUME~1\R2\LOKALE~1\Temp\~92.tmp
C:\WINDOWS\System32\hpzcitss.exe
C:\Programmer\TEXTware\QUICKfind\QFServer.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\R2\Skrivebord\HijackThis.exe
C:\WINDOWS\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmer\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Programmer\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [xxndiag] C:\WINDOWS\trgtapi86.exe
O4 - HKLM\..\Run: [himem.exe] C:\WINDOWS\system32\svct.exe -s
O4 - HKLM\..\Run: [MnEx32] C:\WINDOWS\system32\svct.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Gyldendals Røde Ordbøger.lnk = C:\Programmer\TEXTware\Illuminator 2\Illview02.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: certmsje.dll confxxn.dll e1.dll winnscar.dll  schahtic.dll
O20 - Winlogon Notify: dpl1npwm - C:\WINDOWS\system32\dpl1npwm.dll
O20 - Winlogon Notify: dx3jhnet - C:\WINDOWS\system32\dx3jhnet.dll (file missing)
O20 - Winlogon Notify: hpzcitss - C:\WINDOWS\system32\hpzcitss.dll
O20 - Winlogon Notify: pgpswuau - C:\WINDOWS\system32\pgpswuau.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
13 June 2007 - 22:06 #1
PHEW - what on earth have you been up to?

I'll take a look at it ...
13 June 2007 - 22:13 #2
It will take quite a bit to get all of it ->

---------------------------------------------------------------------

Download this one-time scanner:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe (Save the program to the desktop so you can easily find it for later use)

If your firewall blocks FTP addresses, you can download the program here:
http://spywareinfo.dk/download/drweb-cureit.exe
(Do not run it yet)
---------------------------------------------------------------------

Download AVG Antispyware http://www.spywarefri.dk/downloads1/avgas-setup-7.5.0.47.exe
Manual for Ewido http://www.spywarefri.dk/manualer/ewido-manual.htm AVG Antispyware was previously called Ewido. You can still use this manual, but we will soon have a new manual adapted to the program.

Update the program immediately after installation. Do not delete anything with AVG Antispyware from normal mode. Wait until you are in safe mode. You can, if you like, right-click the E icon down by the clock and click shutdown guard; then you can be sure the program waits to remove the junk until you are in safe mode.

---------------------------------------------------------------------

Download the free trial of SuperAntiSpyware Professional to the desktop, http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe
Install it and let it update with the latest updates.
It will then ask for your e-mail address; it is up to you whether you fill it in. Then press Next and Next again - Finish.
Danish guide http://www.spywarefri.dk/manualer/superantispyware-manual.htm
(Do not run it yet)
---------------------------------------------------------------------

Empty your TEMP folders:
Download the small bat file, double-click the file, and a split second later temp is cleaned.
www.spywareinfo.dk/download/cleantempxp2k.bat
---------------------------------------------------------------------

Restart in safe mode http://www.spywareinfo.dk/#/htm/fejlsikret_tilstand.htm
---------------------------------------------------------------------

Run a full scan with AVG Antispyware and allow the program to fix the things it finds. The program makes a small log, which you should copy in here.
The program creates a small log, which you should copy into your next reply. You can see how to create and save the report here: http://www.spywarefri.dk/manualer/ewido-manual.htm Ewido manual, if you are in doubt. See items 19 and 20
---------------------------------------------------------------------

DrWeb - When you double-click the cureit exe file, it runs a short startup/express scan.
Let it fix what it finds (Say Yes to all)
Then click Options -> Change settings.
Switch to the Scan tab and remove the check mark at Heuristic analysis.
Switch to the Actions tab; here all items under Malware must be set to Move.
Remove the check mark at - Prompt on action.
At Move Path, delete what is there and type: c:\infected
Press Apply and then OK.

Then click the drive or drives you want scanned; a red dot appears to show that it/they are selected.
Then press the green arrow at the bottom right; it will then scan and fix the problems.

When the scan is finished, go up to File - press - Save Report list.
There will then be a file, here called drweb.csv (opened with Notebook/Notepad) - on the desktop.
Close the program
---------------------------------------------------------------------

Start SuperAntiSpyware by right-clicking the yellow and black bug by the clock

Press the - Scan for, Adware,Malware - line
Press the - Preference - button.
Remove the check mark at - Start SuperAntiSpyware when Windows starts.

Press the tab - Scanning control.
Under scanning options, only the bottom two should be checked
On the tab - Real Time Protections, remove the check mark at - Enable Real Time Protection
Then press Close

Press the - Scan Your computer - button. Check the drives to be scanned. It is important that the drive where Windows is located (the system drive) is checked.
Then move the dot from - Perform quick Scan, down to - Perform complete Scan.
Press Next, and it will start scanning.

It can take a long time if you have a lot on the computer

When the scan is finished a box pops up; press OK.
Check everything it has found - Next. It will then fix/delete the infections.

Let it restart.
---------------------------------------------------------------------

After the restart -

Open SuperAntiSpyware again
Press Preferences, select Statistics/Logs
Select the log in the small window and press View Log.
Copy the text in here together with the log from Ewido and the log from DrWeb (drweb csv)

Together with a fresh log from HiJackThis...
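
How the HijackThis log and the drweb.csv report requested above can be read against each other, as an added example that is not part of the original thread: it lists which autostart entries (O4 Run, O20 AppInit_DLLs, O20 Winlogon Notify) point at files the scanner flagged. The sample lines are copied from the logs posted in this thread; the function names, and the reading of the `__delete_on_reboot__` names as underscore-padded file names, are assumptions of this example.

```python
import ntpath
import re

# A few lines copied from the HijackThis log posted in this thread.
HIJACKTHIS_SAMPLE = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [xxndiag] C:\WINDOWS\trgtapi86.exe
O4 - HKLM\..\Run: [himem.exe] C:\WINDOWS\system32\svct.exe -s
O20 - AppInit_DLLs: certmsje.dll confxxn.dll e1.dll winnscar.dll  schahtic.dll
O20 - Winlogon Notify: dpl1npwm - C:\WINDOWS\system32\dpl1npwm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# A few rows copied from the Dr.Web report posted in this thread.
# Row layout: file name;folder;detection;action;
DRWEB_SAMPLE = r"""
dpl1npwm.dll;c:\windows\system32;Win32.HLLM.Limar;Will be cured after reboot.;
trgtapi86.exe;c:\windows;Win32.HLLM.Limar;Deleted.;
__delete_on_reboot__c_e_r_t_m_s_j_e_._d_l_l_;C:\WINDOWS\system32;Win32.HLLM.Limar;Will be cured after reboot.;
winnscar.dll;C:\WINDOWS\system32;Win32.HLLM.Limar;Will be cured after reboot.;
odfwbc21.exe;c:\windows\system32;Probably DLOADER.Trojan;;
"""

PENDING_PREFIX = "__delete_on_reboot__"
ENTRY_RE = re.compile(r"^(O4|O20) - (.+?): (.*)$")
# Executable part of a Run command: a quoted path, or everything up to .exe/.dll.
COMMAND_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll))(?=\s|$)', re.IGNORECASE)


def parse_drweb(report):
    """Map lower-cased file name -> list of (folder, detection, action)."""
    flagged = {}
    for line in report.splitlines():
        fields = line.strip().split(";")
        if len(fields) < 4:
            continue
        name, folder, detection, action = fields[:4]
        if name.startswith(PENDING_PREFIX):
            # Assumption: the real name is padded with "_" after every character.
            name = name[len(PENDING_PREFIX):][0::2]
        flagged.setdefault(name.lower(), []).append(
            (folder.lower(), detection, action or "no action recorded"))
    return flagged


def parse_hijackthis(log):
    """Return (load point, target file) pairs for O4 Run and O20 entries."""
    targets = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        section, key, value = match.groups()
        if key == "AppInit_DLLs":
            # Space-separated DLL names with no folder.
            targets += [(f"{section} {key}", dll) for dll in value.split()]
        elif key == "Winlogon Notify":
            entry, _, path = value.partition(" - ")
            path = path.replace(" (file missing)", "")
            targets.append((f"{section} {key} [{entry}]", path))
        elif key.endswith("Run"):
            entry, _, command = value.partition("] ")
            cmd = COMMAND_RE.match(command)
            path = (cmd.group(1) or cmd.group(2)) if cmd else command
            targets.append((f"{section} {key} {entry}]", path))
    return targets


def cross_reference(hijackthis_log, drweb_report):
    """List autostart entries whose target file the scanner flagged."""
    flagged = parse_drweb(drweb_report)
    hits = []
    for load_point, target in parse_hijackthis(hijackthis_log):
        folder = ntpath.dirname(target).lower()
        name = ntpath.basename(target).lower()
        for f_folder, detection, action in flagged.get(name, []):
            # Entries without a folder (AppInit_DLLs) are matched by name only.
            if folder and folder != f_folder:
                continue
            hits.append((load_point, name, detection, action))
    return hits


def pending_reboot(hits):
    """Flagged files that are still on disk until the next reboot."""
    return [hit for hit in hits if "after reboot" in hit[3]]


if __name__ == "__main__":
    for load_point, name, detection, action in cross_reference(
            HIJACKTHIS_SAMPLE, DRWEB_SAMPLE):
        # A "Deleted." file can still have its registry entry left behind,
        # which is what a fresh HijackThis log would show.
        print(f"{load_point:35} {name:15} {detection:18} {action}")
```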
inari, Beginner
13 June 2007 - 22:16 #3
Pheeew.. That's quite a lot to get through! But cool - I'll look at it as soon as possible!
inari, Beginner
22 June 2007 - 16:07 #4
Sorry for the late reply..
I have looked at it now - but I have a minor problem! The computer will not restart in normal mode.. It keeps starting in safe mode, whether I go via [start] and msconfig or F8 at restart.. Can you help with that?
24 June 2007 - 17:06 #5
... i.e. a normal startup makes it IMMEDIATELY start in SAFE mode ?

Have you been tampering with BOOT.INI ???
inari, Beginner
24 June 2007 - 18:03 #6
Yes, exactly! I started it in safe mode via msconfig and SAFEBOOT, but have got it fixed by editing BOOT.INI
So now it works as it should, and some log files are coming soon!
inari, Beginner
24 June 2007 - 21:21 #7
Here comes a round of logs

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:    17:06:00 21-06-2007

+ Scan result:   



C:\Documents and Settings\R2\Cookies\r2@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\R2\Cookies\r2@2o7[3].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\R2\Cookies\r2@edsa.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\R2\Cookies\r2@hotelscom.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\R2\Cookies\r2@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\R2\Cookies\r2@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\R2\Cookies\r2@saxobank.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\R2\Cookies\r2@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\R2\Cookies\r2@ads.addynamix[1].txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\R2\Cookies\r2@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\R2\Cookies\r2@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\R2\Cookies\r2@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\R2\Cookies\r2@advertising[3].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\R2\Cookies\r2@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\R2\Cookies\r2@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\R2\Cookies\r2@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\R2\Cookies\r2@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\R2\Cookies\r2@ilead.itrack[1].txt -> TrackingCookie.Itrack : No action taken.
C:\Documents and Settings\R2\Cookies\r2@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\R2\Cookies\r2@mediaplex[2].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\R2\Cookies\r2@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
C:\Documents and Settings\R2\Cookies\r2@stat.onestat[2].txt -> TrackingCookie.Onestat : No action taken.
C:\Documents and Settings\R2\Cookies\r2@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\R2\Cookies\r2@revenue[2].txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\R2\Cookies\r2@revenue[3].txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\R2\Cookies\r2@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\R2\Cookies\r2@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\R2\Cookies\r2@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\R2\Cookies\r2@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\R2\Cookies\r2@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\R2\Cookies\r2@statcounter[2].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\R2\Cookies\r2@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\R2\Cookies\r2@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\R2\Cookies\r2@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : No action taken.
C:\Documents and Settings\R2\Cookies\r2@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.


::Report end

Dr. Web

confcnn.dll;c:\windows\system32;Win32.HLLM.Limar;Will be cured after reboot.;
dpl1npwm.dll;c:\windows\system32;Win32.HLLM.Limar;Will be cured after reboot.;
dpl1npwm.exe;c:\windows\system32;Win32.HLLM.Limar;Will be cured after reboot.;
hpzcitss.dll;c:\windows\system32;Win32.HLLM.Limar;Will be cured after reboot.;
hpzcitss.exe;c:\windows\system32;Win32.HLLM.Limar;Will be cured after reboot.;
odfwbc21.exe;c:\windows\system32;Probably DLOADER.Trojan;;
pgpswuau.dll;c:\windows\system32;Win32.HLLM.Limar;Will be cured after reboot.;
pgpswuau.exe;c:\windows\system32;Win32.HLLM.Limar;Will be cured after reboot.;
sysc10trg.exe;c:\windows\system32;Win32.HLLM.Limar;Deleted.;
trgtapi86.exe;c:\windows;Win32.HLLM.Limar;Deleted.;
ctgt86.exe;C:\WINDOWS;Win32.HLLM.Limar;Deleted.;
fix.exe;C:\WINDOWS;Win32.HLLM.Limar;Deleted.;
dpl1npwm.dll;C:\WINDOWS\system32;Win32.HLLM.Limar;Will be cured after reboot.;
psapuman.exe;C:\WINDOWS\system32;Win32.HLLM.Limar;Deleted.;
psnppack.dll;C:\WINDOWS\system32;Win32.HLLM.Limar;Will be cured after reboot.;
pgpswuau.dll;C:\WINDOWS\system32;Win32.HLLM.Limar;Will be cured after reboot.;
xxnprf32.dll;C:\WINDOWS\system32;Win32.HLLM.Limar;Deleted.;
xxnperf.exe;C:\WINDOWS\system32;Win32.HLLM.Limar;Deleted.;
confcnn.dll;C:\WINDOWS\system32;Win32.HLLM.Limar;Will be cured after reboot.;
sscvsr.exe;C:\WINDOWS\system32;Win32.HLLM.Limar;Deleted.;
dcon321.dll;C:\WINDOWS\system32;Win32.HLLM.Limar;Deleted.;
dx3jhnet.exe;C:\WINDOWS\system32;Win32.HLLM.Limar;Deleted.;
con321.exe;C:\WINDOWS\system32;Win32.HLLM.Limar;Deleted.;
p2pgsisb.exe;C:\WINDOWS\system32;Win32.HLLM.Limar;Deleted.;
con321.dll;C:\WINDOWS\system32;Win32.HLLM.Limar;Deleted.;
cnnprf32.dll;C:\WINDOWS\system32;Win32.HLLM.Limar;Deleted.;
jgshwint.exe;C:\WINDOWS\system32;Win32.HLLM.Limar;Deleted.;
cnnperf.exe;C:\WINDOWS\system32;Win32.HLLM.Limar;Deleted.;
hpzcitss.dll;C:\WINDOWS\system32;Win32.HLLM.Limar;Will be cured after reboot.;
adptfram.exe;C:\WINDOWS\system32;Win32.HLLM.Limar;Deleted.;
syncmgr.exe;C:\WINDOWS\system32;Win32.HLLM.Limar;Deleted.;
__delete_on_reboot__c_e_r_t_m_s_j_e_._d_l_l_;C:\WINDOWS\system32;Win32.HLLM.Limar;Will be cured after reboot.;
__delete_on_reboot__c_o_n_f_x_x_n_._d_l_l_;C:\WINDOWS\system32;Win32.HLLM.Limar;Will be cured after reboot.;
__delete_on_reboot__w_i_n_n_s_c_a_r_._d_l_l_;C:\WINDOWS\system32;Win32.HLLM.Limar;Will be cured after reboot.;
__delete_on_reboot__s_c_h_a_h_t_i_c_._d_l_l_;C:\WINDOWS\system32;Win32.HLLM.Limar;Will be cured after reboot.;
__delete_on_reboot__e_1_._d_l_l_;C:\WINDOWS\system32;Win32.HLLM.Limar;Will be cured after reboot.;
__delete_on_reboot__p_t_h_r_p_g_p_h_._d_l_l_;C:\WINDOWS\system32;Win32.HLLM.Limar;Will be cured after reboot.;
__delete_on_reboot__i_p_s_m_i_n_p_u_._d_l_l_;C:\WINDOWS\system32;Win32.HLLM.Limar;Will be cured after reboot.;
winnscar.dll;C:\WINDOWS\system32;Win32.HLLM.Limar;Will be cured after reboot.;
schahtic.dll;C:\WINDOWS\system32;Win32.HLLM.Limar;Will be cured after reboot.;
certmsje.dll;C:\WINDOWS\system32;Win32.HLLM.Limar;Will be cured after reboot.;
pthrpgph.dll;C:\WINDOWS\system32;Win32.HLLM.Limar;Deleted.;
dpl1npwm.exe;C:\WINDOWS\system32;Win32.HLLM.Limar;Will be cured after reboot.;
pgpswuau.exe;C:\WINDOWS\system32;Win32.HLLM.Limar;Deleted.;
hpzcitss.exe;C:\WINDOWS\system32;Win32.HLLM.Limar;Deleted.;
Update-KB1687-x86.exe;C:\Documents and Settings\R2\Lokale indstillinger\Temporary Internet Files\Content.IE5\1OK2IJM1\Update-KB1687-x86[1];Win32.HLLM.Limar;Deleted.;
Update-KB1687-x86.exe;C:\Documents and Settings\R2\Lokale indstillinger\Temporary Internet Files\Content.IE5\DGDXRX5B\Update-KB1687-x86[1];Win32.HLLM.Limar;Deleted.;
file.exe;C:\Documents and Settings\R2\Dokumenter\Billeder;Win32.HLLM.Limar;Deleted.;
A0030070.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP94;Win32.HLLM.Limar;Deleted.;
A0030071.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP94;Win32.HLLM.Limar;Deleted.;
A0030072.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP94;Win32.HLLM.Limar;Deleted.;
A0030074.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP94;Win32.HLLM.Limar;Deleted.;
A0030108.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP95;Win32.HLLM.Limar;Deleted.;
A0030130.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP97;Win32.HLLM.Limar;Deleted.;
A0030150.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP98;Win32.HLLM.Limar;Deleted.;
A0030183.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP99;Win32.HLLM.Limar;Deleted.;
A0030245.dll;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP101;Win32.HLLM.Limar;Deleted.;
A0030246.dll;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP101;Win32.HLLM.Limar;Deleted.;
A0030247.dll;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP101;Win32.HLLM.Limar;Deleted.;
A0030609.dll;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP106;Win32.HLLM.Limar;Deleted.;
A0030610.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP106;Win32.HLLM.Limar;Deleted.;
A0030611.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP106;Win32.HLLM.Limar;Deleted.;
A0030613.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP106;Win32.HLLM.Limar;Deleted.;
A0030632.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP106;Win32.HLLM.Limar;Deleted.;
A0030649.Exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP106;Win32.HLLM.Limar;Deleted.;
A0030653.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP107;Win32.HLLM.Limar;Deleted.;
A0030655.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP107;Win32.HLLM.Limar;Deleted.;
A0030657.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP107;Win32.HLLM.Limar;Deleted.;
A0031656.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP108;Win32.HLLM.Limar;Deleted.;
A0031673.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP109;Win32.HLLM.Limar;Deleted.;
A0033656.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP114;Win32.HLLM.Limar;Deleted.;
A0035719.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP115;Win32.HLLM.Limar;Deleted.;
A0035742.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP116;Win32.HLLM.Limar;Deleted.;
A0035765.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP117;Win32.HLLM.Limar;Deleted.;
A0035807.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP118;Win32.HLLM.Limar;Deleted.;
A0035831.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP119;Win32.HLLM.Limar;Deleted.;
A0036829.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP119;Win32.HLLM.Limar;Deleted.;
A0036830.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP119;Win32.HLLM.Limar;Deleted.;
A0036831.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP119;Win32.HLLM.Limar;Deleted.;
A0036832.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP119;Win32.HLLM.Limar;Deleted.;
A0036834.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP119;Win32.HLLM.Limar;Deleted.;
A0038829.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP119;Win32.HLLM.Limar;Deleted.;
A0038830.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP119;Win32.HLLM.Limar;Deleted.;
A0038832.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP119;Win32.HLLM.Limar;Deleted.;
A0038833.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP119;Win32.HLLM.Limar;Deleted.;
A0039830.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP119;Win32.HLLM.Limar;Deleted.;
A0039831.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP119;Win32.HLLM.Limar;Deleted.;
A0039848.Exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP119;Win32.HLLM.Limar;Deleted.;
A0039853.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP120;Win32.HLLM.Limar;Deleted.;
A0039854.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP120;Win32.HLLM.Limar;Deleted.;
A0040829.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP120;Win32.HLLM.Limar;Deleted.;
A0040851.dll;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP121;Win32.HLLM.Limar;Deleted.;
A0040853.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP121;Win32.HLLM.Limar;Deleted.;
A0040854.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP121;Win32.HLLM.Limar;Deleted.;
A0040856.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP121;Win32.HLLM.Limar;Deleted.;
A0040858.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP121;Win32.HLLM.Limar;Deleted.;
A0041851.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP122;Win32.HLLM.Limar;Deleted.;
A0041853.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP122;Win32.HLLM.Limar;Deleted.;
A0041854.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP122;Win32.HLLM.Limar;Deleted.;
A0042852.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP122;Win32.HLLM.Limar;Deleted.;
A0042853.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP122;Win32.HLLM.Limar;Deleted.;
A0042872.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP122;Win32.HLLM.Limar;Deleted.;
A0042874.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP122;Win32.HLLM.Limar;Deleted.;
A0042894.dll;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP124;Win32.HLLM.Limar;Deleted.;
A0042895.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP124;Win32.HLLM.Limar;Deleted.;
A0042896.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP124;BackDoor.IRC.Sdbot.1404;Deleted.;
A0042899.dll;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP125;Win32.HLLM.Limar;Deleted.;
A0042900.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP125;Win32.HLLM.Limar;Deleted.;
A0042902.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP125;Win32.HLLM.Limar;Deleted.;
A0042903.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP125;Win32.HLLM.Limar;Deleted.;
A0042930.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP127;Win32.HLLM.Limar;Deleted.;
A0042931.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP127;Win32.HLLM.Limar;Deleted.;
A0042961.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP131;Win32.HLLM.Limar;Deleted.;
A0042962.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP131;Win32.HLLM.Limar;Deleted.;
A0042963.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP131;Win32.HLLM.Limar;Deleted.;
A0042964.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP131;Win32.HLLM.Limar;Deleted.;
A0042965.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP131;Win32.HLLM.Limar;Deleted.;
A0042966.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP131;Win32.HLLM.Limar;Deleted.;
A0042967.exe\data001;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP131\A0042967.exe;Win32.HLLM.Limar;;
A0042967.exe\data002;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP131\A0042967.exe;Win32.HLLM.Limar;;
A0042967.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP131;Archive contains infected objects;Moved.;
A0042968.exe\data001;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP131\A0042968.exe;Win32.HLLM.Limar;;
A0042968.exe\data002;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP131\A0042968.exe;Win32.HLLM.Limar;;
A0042968.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP131;Archive contains infected objects;Moved.;
A0042970.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP131;Win32.HLLM.Limar;Deleted.;
A0042971.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP131;Win32.HLLM.Limar;Deleted.;
A0042973.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP131;Win32.HLLM.Limar;Deleted.;
A0043963.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP132;Win32.HLLM.Limar;Deleted.;
A0043964.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP132;Win32.HLLM.Limar;Deleted.;
A0043965.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP132;Win32.HLLM.Limar;Deleted.;
A0043984.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP132;Win32.HLLM.Limar;Deleted.;
A0043985.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP132;Win32.HLLM.Limar;Deleted.;
A0043986.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP132;Win32.HLLM.Limar;Deleted.;
A0044982.dll;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP133;Win32.HLLM.Limar;Deleted.;
A0044983.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP133;Win32.HLLM.Limar;Deleted.;
A0044984.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP133;Win32.HLLM.Limar;Deleted.;
A0044986.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP133;Win32.HLLM.Limar;Deleted.;
A0044987.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP133;Win32.HLLM.Limar;Deleted.;
A0044988.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP133;Win32.HLLM.Limar;Deleted.;
A0045983.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP133;Win32.HLLM.Limar;Deleted.;
A0045985.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP133;Win32.HLLM.Limar;Deleted.;
A0045986.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP133;Win32.HLLM.Limar;Deleted.;
A0046010.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046011.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046013.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046019.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046020.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046021.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046040.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046041.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046043.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046060.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046061.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046062.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046069.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046070.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046072.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046087.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046088.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046089.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046111.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046112.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046114.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046144.dll;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046145.dll;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046146.dll;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046147.dll;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046148.dll;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046149.dll;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046150.dll;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046151.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046152.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046153.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046154.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046155.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046156.dll;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046157.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046158.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046159.dll;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046160.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046161.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046162.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046163.dll;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046164.dll;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046165.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046166.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046167.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;
A0046168.exe;C:\System Volume Information\_restore{542625C1-FF9E-45BA-A97D-7D2329180136}\RP134;Win32.HLLM.Limar;Deleted.;

Logfile of HijackThis v1.99.1
Scan saved at 21:16:24, on 24-06-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\odfwbc21.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\pgpswuau.exe
C:\WINDOWS\System32\hpzcitss.exe
C:\WINDOWS\System32\dpl1npwm.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\R2\Skrivebord\antivirus\HijackThis.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmer\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Programmer\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [himem.exe] C:\WINDOWS\system32\wmem.exe -s
O4 - HKLM\..\Run: [MnEx32] C:\WINDOWS\system32\svct.exe
O4 - HKLM\..\Run: [odfwbc21] C:\WINDOWS\System32\odfwbc21.exe
O4 - HKLM\..\Run: [yhm] C:\WINDOWS\system32\yhm.exe
O4 - HKLM\..\Run: [wmem] C:\WINDOWS\system32\wmem.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Gyldendals Røde Ordbøger.lnk = C:\Programmer\TEXTware\Illuminator 2\Illview02.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: certmsje.dll confxxn.dll  winnscar.dll  schahtic.dll e1.dll confcnn.dll diagisr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dpl1npwm - C:\WINDOWS\system32\dpl1npwm.dll
O20 - Winlogon Notify: dx3jhnet - C:\WINDOWS\system32\dx3jhnet.dll (file missing)
O20 - Winlogon Notify: hpzcitss - C:\WINDOWS\system32\hpzcitss.dll
O20 - Winlogon Notify: odfwbc21 - C:\WINDOWS\System32\odfwbc21.dll
O20 - Winlogon Notify: pgpswuau - C:\WINDOWS\system32\pgpswuau.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe

Hope it's as it should be.
25 June 2007 - 09:53 #8
Quite a bit got eaten - still a fair amount of 'dirt' left.
Therefore ->


Download this fix to the root directory of your computer (usually c:\):
http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to run it. Click the "Scan for Vundo" button. When the program has finished scanning, click the "Remove Vundo" button.

You will then be asked whether you are sure you want to remove the files. Click "Yes" here. Your desktop will then go blank, and the fix will attempt to remove Vundo. When it is finished, the tool will ask for permission to restart the computer. You should accept that.

Then restart the computer and create a new log with HJT, which you post here. Also post the contents of this file here: C:\vundofix.txt

Note: It is possible that VundoFix finds a file during the first scan that it cannot remove at first. In that case VundoFix will restart and continue after the reboot. If this happens, just follow the instructions above after the reboot (starting with "Click the Scan for Vundo button").

NB: Before the next run of HiJackThis.exe you must RENAME the program file HiJackThis.exe to ALTERNATIV.exe, since certain unwanted items tend to hide themselves when a process named HiJackThis.exe is running !!!
inari Beginner
03 July 2007 - 20:53 #9
VundoFix V6.5.1

Checking Java version...

Sun Java not detected
Scan started at 22:47:12 26-06-2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.1

Checking Java version...

Sun Java not detected
Scan started at 20:50:49 03-07-2007

Listing files found while scanning....


Logfile of HijackThis v1.99.1
Scan saved at 20:54:13, on 03-07-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\odfwbc21.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\pgpswuau.exe
C:\WINDOWS\System32\hpzcitss.exe
C:\WINDOWS\System32\dpl1npwm.exe
C:\WINDOWS\xdr.exe
C:\Programmer\TEXTware\QUICKfind\QFServer.exe
C:\Programmer\Windows Media Player\wmplayer.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\R2\Skrivebord\antivirus\VundoFix.exe
C:\Documents and Settings\R2\Skrivebord\antivirus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmer\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Programmer\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [himem.exe] C:\WINDOWS\system32\sserv32.exe -s
O4 - HKLM\..\Run: [MnEx32] C:\WINDOWS\system32\svct.exe
O4 - HKLM\..\Run: [odfwbc21] C:\WINDOWS\System32\odfwbc21.exe
O4 - HKLM\..\Run: [yhm] C:\WINDOWS\system32\yhm.exe
O4 - HKLM\..\Run: [wmem] C:\WINDOWS\system32\wmem.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [cnndiag] C:\WINDOWS\sysc10trg.exe
O4 - HKLM\..\Run: [xdr] C:\WINDOWS\xdr.exe s
O4 - HKLM\..\Run: [msnmsgr.exe] C:\WINDOWS\system32\msnmsgr.exe -s
O4 - HKLM\..\Run: [SoundMnEx32] C:\WINDOWS\system32\sserv32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Gyldendals Røde Ordbøger.lnk = C:\Programmer\TEXTware\Illuminator 2\Illview02.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: certmsje.dll confxxn.dll winnscar.dll schahtic.dll e1.dll confcnn.dll  diagisr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dpl1npwm - C:\WINDOWS\system32\dpl1npwm.dll
O20 - Winlogon Notify: dx3jhnet - C:\WINDOWS\system32\dx3jhnet.dll (file missing)
O20 - Winlogon Notify: hpzcitss - C:\WINDOWS\system32\hpzcitss.dll
O20 - Winlogon Notify: odfwbc21 - C:\WINDOWS\System32\odfwbc21.dll
O20 - Winlogon Notify: pgpswuau - C:\WINDOWS\system32\pgpswuau.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
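The HijackThis logs saved on 24-06-2007 and 03-07-2007 differ in only a handful of autostart lines, which is easy to miss when reading them by eye. The following is an added example, not part of the original posts: it parses the O4 Run and O20 Winlogon Notify lines of two snapshots and reports what was added, removed or retargeted. The log excerpts are copied from the two logs in this thread; the function and variable names are this example's own.

```python
import re

# HijackThis line formats handled here (as they appear in the logs in this thread):
#   O4 - HKLM\..\Run: [value name] command line
#   O20 - Winlogon Notify: name - dll path
# Other O4 forms (e.g. "Global Startup") are ignored by this example.
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$")
O20_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")

# Excerpt of the log saved 24-06-2007 (lines copied from the thread, not the full log).
LOG_24_06 = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [himem.exe] C:\WINDOWS\system32\wmem.exe -s
O4 - HKLM\..\Run: [MnEx32] C:\WINDOWS\system32\svct.exe
O4 - HKLM\..\Run: [wmem] C:\WINDOWS\system32\wmem.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: dpl1npwm - C:\WINDOWS\system32\dpl1npwm.dll
"""

# Excerpt of the log saved 03-07-2007 (same entries plus the lines that are new there).
LOG_03_07 = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [himem.exe] C:\WINDOWS\system32\sserv32.exe -s
O4 - HKLM\..\Run: [MnEx32] C:\WINDOWS\system32\svct.exe
O4 - HKLM\..\Run: [wmem] C:\WINDOWS\system32\wmem.exe
O4 - HKLM\..\Run: [cnndiag] C:\WINDOWS\sysc10trg.exe
O4 - HKLM\..\Run: [xdr] C:\WINDOWS\xdr.exe s
O4 - HKLM\..\Run: [msnmsgr.exe] C:\WINDOWS\system32\msnmsgr.exe -s
O4 - HKLM\..\Run: [SoundMnEx32] C:\WINDOWS\system32\sserv32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: dpl1npwm - C:\WINDOWS\system32\dpl1npwm.dll
"""


def parse_autostarts(log_text):
    """Return {entry key: command or DLL path} for O4 Run and O20 Notify lines."""
    entries = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RUN.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            entries[f"{hive}\\{key}\\{name}"] = cmd
            continue
        m = O20_NOTIFY.match(line)
        if m:
            entries[f"Winlogon Notify\\{m.group(1)}"] = m.group(2)
    return entries


def diff_autostarts(old_log, new_log):
    """Compare two snapshots and return added, removed and retargeted entries."""
    old, new = parse_autostarts(old_log), parse_autostarts(new_log)
    added = {k: new[k] for k in new.keys() - old.keys()}
    removed = {k: old[k] for k in old.keys() - new.keys()}
    # Windows paths are case-insensitive, so compare case-folded targets.
    changed = {
        k: (old[k], new[k])
        for k in old.keys() & new.keys()
        if old[k].casefold() != new[k].casefold()
    }
    return {"added": added, "removed": removed, "changed": changed}


if __name__ == "__main__":
    result = diff_autostarts(LOG_24_06, LOG_03_07)
    for kind in ("added", "removed", "changed"):
        for key, value in sorted(result[kind].items()):
            print(f"{kind:8} {key}: {value}")
```

A new or retargeted value is only a lead for review; the diff itself says nothing about whether an entry is wanted.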
03 July 2007 - 21:54 #10
This VundoFix ought to have eaten somewhat more - Hmmm...
There are still >20 unwanted items left. Is that PC workable at all ???

Instead of fixing it manually, let's take this package first ->

-- Download this file and unpack it to a folder on the desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click the file and let it unpack itself to a folder in the root of your hard disk (typically: c:\SDfix)

-- Restart in safe mode; if you don't know how, look here:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Then go into the SDFix folder that you created earlier. Double-click the file RunThis.bat to start the tool. Press "y" to confirm that you are running the tool at your own risk. The tool will then start removing the trojan service and make a few repairs to the registry. At some point it will ask you to press a key to restart the computer. Do so, after which the computer will restart after 15 seconds.

The restart will take a little longer than usual, since the tool needs time to do its work. When the desktop appears, the tool will write "Finished". Then press a key to load your desktop icons again.

Then open the SDFix folder, find the file Report.txt, and copy the contents of this file in here, together with a new log from Hijackthis...
03 July 2007 - 21:54 #11
NB: Before the next run of HiJackThis.exe you must RENAME the program file HiJackThis.exe to ALTERNATIV.exe, since certain unwanted items tend to hide themselves when a process named HiJackThis.exe is running !!!