daki Junior Master
27 January 2008 - 16:38 There are 13 comments and 1 solution

Log file check - HijackThis

Is there anyone who will take a look at this log file?

I have cleaned with various programs, but unfortunately I cannot clean up in HijackThis myself.
Thanks in advance.

/dan

----------
Logfile of HijackThis v1.99.1
Scan saved at 16:06:45, on 27-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmer\TDCpakke\Npm\Bin\elogsvc.exe
C:\Programmer\TDCpakke\Ngs\bin\NPROSEC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TDCpakke\Npm\Bin\Zanda.exe
C:\Programmer\TDCpakke\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\TDCpakke\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\TDCpakke\Npm\bin\NVCSCHED.EXE
C:\Programmer\TDCpakke\Npm\bin\NJEEVES.EXE
C:\Programmer\TDCpakke\npc\bin\npcsvc32.exe
C:\Programmer\TDCpakke\Nvc\bin\nvcoas.exe
C:\Programmer\TDCpakke\npc\bin\nuaa.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmer\ltmoh\Ltmoh.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\ePM\EPM-DM.exe
C:\PROGRA~1\LAUNCH~1\LManager.EXE
C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe
C:\Programmer\TDCpakke\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\TDCpakke\Nvc\BIN\NIP.EXE
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\TDCpakke\Nvc\bin\cclaw.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmer\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\Webshots\WEBSHOTS.SCR
C:\Programmer\TDCpakke\npf\bin\npfuser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Temp\check pc\alternativ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - (no file)
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Programmer\Webshots\WSToolbar4IE.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programmer\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programmer\TDCpakke\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] C:\Programmer\TDCpakke\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Programmer\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: Webshots.lnk = C:\Programmer\Webshots\Launcher.exe
O4 - Global Startup: Gyldendals Røde Ordbøger.lnk = C:\Programmer\TEXTware\Illuminator 2\Illview02.exe
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Programmer\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\programmer\tdcpakke\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programmer\tdcpakke\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programmer\tdcpakke\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programmer\tdcpakke\npc\bin\nlf.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195671172812
O17 - HKLM\System\CCS\Services\Tcpip\..\{09AE494E-F784-47BB-A5E4-CC0374F5AB03}: NameServer = 192.168.12.100,194.239.134.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{09AE494E-F784-47BB-A5E4-CC0374F5AB03}: NameServer = 192.168.12.100,194.239.134.83
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmer\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programmer\TDCpakke\Npm\Bin\elogsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programmer\TDCpakke\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programmer\TDCpakke\Npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Programmer\TDCpakke\npc\bin\npcsvc32.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Programmer\TDCpakke\npf\bin\npfsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programmer\TDCpakke\Ngs\bin\NPROSEC.EXE
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Programmer\TDCpakke\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programmer\TDCpakke\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programmer\TDCpakke\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Programmer\TDCpakke\npm\bin\nvoy.exe
----------
mark-ch Beginner
27 January 2008 - 17:02 #1
Hi, I think you should try winclener.

(:
27 January 2008 - 17:42 #2
Is it the same as you had here -> http://www.eksperten.dk/spm/813266 ?
27 January 2008 - 17:43 #3
... Not all (un)wanted elements show up in a HijackThis log; if you feel up to it, go through the procedure from here -> http://www.eksperten.dk/artikler/1123
(Which you have of course gone through before!)
27 January 2008 - 17:44 #4
You seem to have been using BEARSHARE -> *SIGH*
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284
daki Junior Master
27 January 2008 - 17:51 #5
Both yes and no :-)
My sister's laptop is slow to restart, and I have (from experience) gone through the steps as described in http://www.eksperten.dk/artikler/1123

NB. Bearshare was uninstalled afterwards....

/dan

----------

********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
27-01-2008 16:08:03,25

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 16:08:04
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0

----------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/27/2008 at 03:47 PM

Application Version : 3.7.1018

Core Rules Database Version : 3389
Trace Rules Database Version: 1383

Scan type      : Complete Scan
Total Scan Time : 00:39:45

Memory items scanned      : 87
Memory threats detected  : 0
Registry items scanned    : 5445
Registry threats detected : 0
File items scanned        : 26786
File threats detected    : 102

Adware.Tracking Cookie
daki Junior Master
27 January 2008 - 17:53 #6
----------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/27/2008 at 03:47 PM

Application Version : 3.7.1018

Core Rules Database Version : 3389
Trace Rules Database Version: 1383

Scan type      : Complete Scan
Total Scan Time : 00:39:45

Memory items scanned      : 87
Memory threats detected  : 0
Registry items scanned    : 5445
Registry threats detected : 0
File items scanned        : 26786
File threats detected    : 102

Adware.Tracking Cookie

BearShare File Sharing Client
    C:\PROGRAMMER\BEARSHARE APPLICATIONS\BEARSHARE\BEARSHARE.EXE

----------

No log from Combofix

----------
27 January 2008 - 19:17 #7
"...No log from Combofix..." ???
27 January 2008 - 19:28 #8
Run a scan with HijackThis.
Below you will find some files that you need to fix. What you need to do is put a check mark next to these files. When you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Remember also to close this window once you have marked the files. Now you can fix. Click Fix checked.

These are the ones that need to be fixed:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/

R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - (no file)
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Programmer\Webshots\WSToolbar4IE.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O17 - HKLM\System\CCS\Services\Tcpip\..\{09AE494E-F784-47BB-A5E4-CC0374F5AB03}: NameServer = 192.168.12.100,194.239.134.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{09AE494E-F784-47BB-A5E4-CC0374F5AB03}: NameServer = 192.168.12.100,194.239.134.83


Restart normally...

Manually delete the folder
C:\Programmer\TEXTware\
C:\PROGRAMMER\BEARSHARE APPLICATIONS\
C:\PROGRAMMER\BEARSHARE\

Registry cleanup ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Especially the item [Register]...)
During installation you will be offered [Yahoo Toolbar]. You can say yes or NO to it.

Run a new scan with HijackThis and copy a fresh log in here for checking.

------------------------------------------------------------------------
daki Juniormester
27 January 2008 - 20:17 #9
Here is a log from Combofix, from before the removals in HijackThis

/dan

----------
ComboFix 08-01-20.1 - Britt Henriks Kirk 2008-01-27 19:52:20.2 - NTFSx86
Running from: C:\Temp\check pc\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat . . . . failed to delete
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat . . . . failed to delete

----- Unknown downloads made by BITS: ----
http://83.91.17.76:8530

.
(((((((((((((((((((((((((  Files Created from 2007-12-27 to 2008-01-27  )))))))))))))))))))))))))))))))
.

2008-01-27 17:22 . 2008-01-27 17:22    <DIR>    d--------    C:\Temp\ext8202
2008-01-27 17:22 . 2008-01-27 17:23    <DIR>    d--------    C:\Programmer\Microsoft Silverlight
2008-01-27 16:56 . 2008-01-27 19:41    <DIR>    d--------    C:\Programmer\TDCpakke
2008-01-27 16:56 . 2007-09-17 15:24    212,024    --a------    C:\WINDOWS\system32\nscrnsav.scr
2008-01-27 16:56 . 2007-05-14 10:51    79,840    --a------    C:\WINDOWS\system32\drivers\ndis_rd.sys
2008-01-27 16:56 . 2007-05-14 10:51    72,320    --a------    C:\WINDOWS\system32\drivers\tdi_rd.sys
2008-01-27 16:56 . 2007-09-06 09:45    19,000    --a------    C:\WINDOWS\system32\drivers\nvcw32mf.sys
2008-01-27 16:10 . 2000-08-31 08:00    51,200    --a------    C:\WINDOWS\NirCmd.exe
2008-01-27 14:29 . 2008-01-27 14:29    <DIR>    d--------    C:\Programmer\CCleaner
2008-01-27 14:29 . 2008-01-27 14:29    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-27 14:27 . 2008-01-27 18:58    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-01-27 14:27 .     <DIR>        C:\Programmer\Fælles filer\Wise Installation Wizard
2008-01-27 14:27 . 2008-01-27 14:27    <DIR>    d--------    C:\Documents and Settings\Britt Henriks Kirk\Application Data\SUPERAntiSpyware.com
2008-01-27 13:18 . 2008-01-27 19:48    <DIR>    d--------    C:\Temp\check pc

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 13:27    ---------    d-----w    C:\Programmer\Fælles filer
2007-12-05 09:24    38,400    ----a-w    C:\WINDOWS\system32\drivers\ale_nf.sys
2007-10-31 03:56    3,590,656    ----a-w    C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:44    1,291,776    ----a-w    C:\WINDOWS\system32\quartz.dll
2007-10-29 22:44    1,291,776    ----a-w    C:\WINDOWS\system32\dllcache\quartz.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 05:00 15360]
"MsnMsgr"="C:\Programmer\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 14:26 68856]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46 1318128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-10-02 14:37 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-10-02 14:19 118784]
"LaunchApp"="Alaunch" []
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 17:01 68096 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 13:38 88361 C:\WINDOWS\AGRSMMSG.exe]
"LtMoh"="C:\Programmer\ltmoh\Ltmoh.exe" [2003-03-19 00:39 184320]
"SynTPLpr"="C:\Programmer\Synaptics\SynTP\SynTPLpr.exe" [2004-08-12 15:13 102400]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2004-08-12 15:12 684032]
"RemoteControl"="C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 11:52 40960]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-27 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-27 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-27 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-27 05:00 455168]
"EPM-DM"="C:\Acer\ePM\EPM-DM.exe" [2004-10-27 20:16 163840]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2004-11-02 21:43 2884096]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.EXE" [2004-10-01 16:46 262144]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10 49263]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Norman ZANDA"="C:\Programmer\TDCpakke\Npm\bin\ZLH.exe" [2007-12-10 09:22 273520]
"NPCTray"="C:\Programmer\TDCpakke\npc\bin\npc_tray.exe" [2007-09-17 14:28 199736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 05:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WMC_WMPDBExport"="C:\Programmer\Windows Media Player\wmdbexport.exe" [2006-10-18 20:04 493568]

C:\Documents and Settings\Britt Henriks Kirk\Menuen Start\Programmer\Start\
Cyber-shot Viewer Media Check Tool.lnk - C:\Programmer\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-01-25 18:30:01 155648]
Webshots.lnk - C:\Programmer\Webshots\Launcher.exe [2006-12-19 21:00:55 45056]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Gyldendals R›de Ordb›ger.lnk - C:\Programmer\TEXTware\Illuminator 2\Illview02.exe [2007-01-21 11:47:02 670208]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

R0 NDIS_RD;Norman Firewall NDIS driver;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2007-05-14 10:51]
R1 NPROSEC;Norman Security driver;C:\Programmer\TDCpakke\Ngs\bin\nprosec.sys [2007-09-06 08:37]
R1 TDI_RD;Norman Firewall TDI driver;C:\WINDOWS\system32\drivers\TDI_RD.SYS [2007-05-14 10:51]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2004-09-02 17:27]
R2 Ndiskio;Ndiskio;C:\Programmer\TDCpakke\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]
R2 NPFSvc32;Norman Personal Firewall Service;"C:\Programmer\TDCpakke\npf\bin\npfsvc32.exe" [2007-12-06 09:51]
R2 NPROSECSVC;Norman Security service;"C:\Programmer\TDCpakke\Ngs\bin\NPROSEC.EXE" [2007-11-27 15:13]
R2 NVOY;Norman's Very Own supplY of resources;"C:\Programmer\TDCpakke\npm\bin\nvoy.exe" [2007-09-18 11:01]
R3 IPN2220;INPROCOMM IPN2220 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys [2004-11-04 18:29]
R3 NPC;Norman Parental Control;"C:\Programmer\TDCpakke\npc\bin\npcsvc32.exe" [2007-09-17 14:24]
R3 NUAA;Norman User Activity Agent;"C:\Programmer\TDCpakke\npc\bin\nuaa.exe" [2007-09-17 14:22]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-09-06 09:45]
R3 nvcoas;Norman Virus Control on-access component;"C:\Programmer\TDCpakke\Nvc\bin\nvcoas.exe" [2007-12-10 14:36]
R3 NVCScheduler;Norman Virus Control Scheduler;"C:\Programmer\TDCpakke\Npm\bin\NVCSCHED.EXE" [2007-09-18 11:41]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-27 18:53:00 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
----------
27 January 2008 - 20:35 #10
... yep - ComboFix has 'fixed' something as expected... Just continue with the HiJackThis procedure [27/01-2008 19:28:41] ...
daki Juniormester
27 January 2008 - 20:36 #11
New log.
O17 - HKLM\System\CCS\Services\Tcpip\..\{09AE494E-F784-47BB-A5E4-CC0374F5AB03}: NameServer = 192.168.12.100,194.239.134.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{09AE494E-F784-47BB-A5E4-CC0374F5AB03}: NameServer = 192.168.12.100,194.239.134.83

Otherwise I cannot get on the internet.


/dan

----------
Logfile of HijackThis v1.99.1
Scan saved at 20:33, on 2008-01-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmer\TDCpakke\Npm\Bin\Elogsvc.exe
C:\Programmer\TDCpakke\Ngs\bin\NPROSEC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TDCpakke\Npm\Bin\Zanda.exe
C:\Programmer\TDCpakke\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\TDCpakke\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\TDCpakke\Npm\bin\NVCSCHED.EXE
C:\Programmer\TDCpakke\Npm\bin\NJEEVES.EXE
C:\Programmer\TDCpakke\npc\bin\npcsvc32.exe
C:\Programmer\TDCpakke\Nvc\bin\nvcoas.exe
C:\Programmer\TDCpakke\npc\bin\nuaa.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmer\ltmoh\Ltmoh.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\ePM\EPM-DM.exe
C:\PROGRA~1\LAUNCH~1\LManager.EXE
C:\Programmer\TDCpakke\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\TDCpakke\Nvc\BIN\NIP.EXE
C:\Programmer\TDCpakke\Nvc\bin\cclaw.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\internet explorer\iexplore.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\Webshots\WEBSHOTS.SCR
C:\Temp\check pc\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programmer\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programmer\TDCpakke\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] C:\Programmer\TDCpakke\npc\bin\npc_tray.exe /LOAD
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Programmer\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: Webshots.lnk = C:\Programmer\Webshots\Launcher.exe
O4 - Global Startup: Gyldendals Røde Ordbøger.lnk = C:\Programmer\TEXTware\Illuminator 2\Illview02.exe
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Programmer\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\programmer\tdcpakke\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programmer\tdcpakke\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programmer\tdcpakke\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programmer\tdcpakke\npc\bin\nlf.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195671172812
O17 - HKLM\System\CCS\Services\Tcpip\..\{09AE494E-F784-47BB-A5E4-CC0374F5AB03}: NameServer = 192.168.12.100,194.239.134.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{09AE494E-F784-47BB-A5E4-CC0374F5AB03}: NameServer = 192.168.12.100,194.239.134.83
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmer\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programmer\TDCpakke\Npm\Bin\Elogsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programmer\TDCpakke\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programmer\TDCpakke\Npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Programmer\TDCpakke\npc\bin\npcsvc32.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Programmer\TDCpakke\npf\bin\npfsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programmer\TDCpakke\Ngs\bin\NPROSEC.EXE
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Programmer\TDCpakke\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programmer\TDCpakke\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programmer\TDCpakke\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Programmer\TDCpakke\npm\bin\nvoy.exe
----------
27 January 2008 - 22:24 #12
Admittedly - I was in doubt about those too ...
27 January 2008 - 22:25 #13
There is no more 'dirt' according to your log...

You are welcome back another time...

You should clean temp with this file; it only takes a few seconds.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

After a round like this it is always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer - enable System Restore. This is done in the same place where you disabled it; this time you just need to enable it.
It would also be a good idea to manually create a new restore point, which you can name and return to if you should run into problems of any kind.

You can find a couple of articles about safe surfing here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...

Registry cleanup is recommended ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Especially the item [Register]...)
During installation you will be offered [Yahoo Toolbar]. You can say yes or NO to it.
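
The check made by eye in this thread (is anything from the fix list still present in the fresh log?) can be scripted. The Python below is an added example, not part of the thread and not a HijackThis feature: the function names are made up for illustration, the sample lines are subsets copied from the fix list and the fresh log above, and each O17 NameServer address is additionally labelled private or public so that the DNS entries left in place can be reviewed.

```python
import ipaddress
import re

# Subset of the fix list posted in the thread (copied from the page).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Programmer\Webshots\WSToolbar4IE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{09AE494E-F784-47BB-A5E4-CC0374F5AB03}: NameServer = 192.168.12.100,194.239.134.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{09AE494E-F784-47BB-A5E4-CC0374F5AB03}: NameServer = 192.168.12.100,194.239.134.83
"""

# Subset of the fresh log posted after the fix (copied from the page).
NEW_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{09AE494E-F784-47BB-A5E4-CC0374F5AB03}: NameServer = 192.168.12.100,194.239.134.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{09AE494E-F784-47BB-A5E4-CC0374F5AB03}: NameServer = 192.168.12.100,194.239.134.83
"""

# An entry line is "<section> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Sections whose identity is the CLSID rather than the display name or path.
CLSID_SECTIONS = {"R3", "O2", "O3", "O9"}


def parse_entries(text):
    """Return (section, body) for every entry line; headers and process paths are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def entry_key(section, body):
    """Comparison key: CLSID for COM-based sections, otherwise the normalised body."""
    if section in CLSID_SECTIONS:
        clsid = CLSID_RE.search(body)
        if clsid:
            return (section, clsid.group(0).lower())
    # Registry paths and file paths are case-insensitive on Windows.
    return (section, " ".join(body.split()).lower())


def remaining_fixes(fix_text, log_text):
    """Entries from the fix list that still appear in the fresh log."""
    present = {entry_key(s, b) for s, b in parse_entries(log_text)}
    return [(s, b) for s, b in parse_entries(fix_text) if entry_key(s, b) in present]


def o17_nameservers(body):
    """Return [(address, 'private'|'public')] for the NameServer value of an O17 entry."""
    match = re.search(r"NameServer\s*=\s*(.+)$", body)
    if not match:
        return []
    servers = []
    for token in re.split(r"[,\s]+", match.group(1).strip()):
        try:
            address = ipaddress.ip_address(token)
        except ValueError:
            continue  # not an IP literal; leave it for manual review
        servers.append((str(address), "private" if address.is_private else "public"))
    return servers


if __name__ == "__main__":
    for section, body in remaining_fixes(FIX_LIST, NEW_LOG):
        print(f"still present: {section} - {body}")
        for address, scope in o17_nameservers(body):
            print(f"    nameserver {address} ({scope})")
```
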
daki Juniormester
28 January 2008 - 20:33 #14
Thanks for the help.

/dan