Notifikationer

Markér alle som læst Log ud

taoist Nybegynder

09. april 2008 - 17:34 Der er 10 kommentarer og
1 løsning

Windows update og defender reporterer fejl

Hvordan får jeg Windows upd. og Windows defend. igang igen, de reporter fejl begge to. W-upd. giver fejlkode:(0x8007000B)
W-defend. giver fejlkode:(0x8024402f), så vidt jeg kan forstå hænger de to ting sammen, ud fra hvad jeg har fundet på nettet er det nok en Hijack browser fejl, da jeg bliver redirected gang på gang.
Har XP Home SP2, lige upgradet til IE7 (hvilket jeg har fortrudt lidt, den fryser konstant,og er meget langsom, kører med 4mb/1024kb hvilket ikke kan mærkes i øjeblikket).
Har haft dette ? inde før, blev foreslået at oprette det en gang til under anden kategori, de var ikke de store log hajer. se dette: http://www.eksperten.dk/spm/816510
Har endvidere kikket på disse sider med løsninger:

http://www.precisesecurity.com/tools-resources/threat-removal-procedure/browser-hijacker-removal-procedure/

http://www.precisesecurity.com/how-to/ht-backreg.htm

Jeg håber der er en der kan hjælpe og guide mig da de sidder jeg har kikket på, vir kompliceret for mig pt. teknisk engelsk

Synes godt om

Computer Hjælp (Gratis) Mester

09. april 2008 - 18:05 #1

... ka' godt se at du har gennemfør den før men alligevel ->
Gennemfør proceduren herfra -> http://www.eksperten.dk/artikler/1123
(Se ser jeg på den...)

Synes godt om

taoist Nybegynder

10. april 2008 - 00:01 #2

ComboFix 08-04-09.4 - Jan Thulstrup 2008-04-09 23:39:28.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1030.18.408 [GMT 2:00]
Running from: C:\Documents and Settings\Jan Thulstrup\Lokale indstillinger\Temporary Internet Files\Content.IE5\OWQC8UKK\ComboFix[1].exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\kmd.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.

2008-04-03 17:14 . 2008-04-03 17:14 <DIR> d-------- C:\Programmer\Windows Live Safety Center
2008-04-03 15:18 . 2007-12-07 04:13 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-03 15:00 . 2007-01-31 08:47 1,015,808 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-03 14:59 . 2007-12-07 04:13 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-03 14:59 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-03 14:59 . 2007-12-07 04:13 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-03 14:59 . 2007-08-20 12:00 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-03 14:59 . 2007-12-07 04:13 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-03 14:59 . 2007-12-07 04:13 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-03 14:59 . 2007-12-06 13:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-01 23:32 . 2008-04-01 23:32 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-03-29 17:32 . 2008-03-29 17:32 <DIR> d-------- C:\WINDOWS\system32\da-dk
2008-03-23 11:48 . 2008-03-23 11:48 <DIR> d-------- C:\Programmer\Fælles filer\Application
2008-03-23 11:48 . 2008-03-23 11:48 <DIR> d-------- C:\Programmer\Fælles filer\Ankiro
2008-03-23 11:47 . 2008-03-23 11:48 <DIR> d-------- C:\Programmer\SPAMfighter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 05:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-09 14:03 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-17 10:08 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-01-17 10:08 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-01-17 10:08 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-01-14 15:20 0 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2008-01-14 15:16 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-01-11 05:40 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Programmer\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 14:28 1961984]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 09:01 68856]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-04 09:55 1481968]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hcenter"="C:\Programmer\Support.com\bin\tgcmd.exe" [2005-04-08 12:38 1757184]
"RemoteControl"="C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"ccApp"="C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe" [2007-03-01 12:04 52840]
"OpwareSE2"="C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
"Windows Defender"="C:\Programmer\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"Symantec PIF AlertEng"="C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2006-09-24 03:24 282624]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-27 02:53 110592 C:\WINDOWS\system32\bthprops.cpl]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Photo Downloader"="C:\Programmer\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 00:43 67488]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SPAMfighter Agent"="C:\Programmer\SPAMfighter\SFAgent.exe" [2008-02-26 11:10 317072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-27 02:53 15360]
"Picasa Media Detector"="C:\Programmer\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"= 0 (0x0)
"Btn_Forward"= 0 (0x0)
"Btn_Stop"= 0 (0x0)
"Btn_Refresh"= 0 (0x0)
"Btn_Home"= 0 (0x0)
"Btn_Search"= 0 (0x0)
"Btn_History"= 0 (0x0)
"Btn_Favorites"= 0 (0x0)
"Btn_Folders"= 0 (0x0)
"Btn_Fullscreen"= 0 (0x0)
"Btn_Tools"= 0 (0x0)
"Btn_MailNews"= 0 (0x0)
"Btn_Size"= 0 (0x0)
"Btn_Print"= 0 (0x0)
"Btn_Edit"= 0 (0x0)
"Btn_Discussions"= 0 (0x0)
"Btn_Cut"= 0 (0x0)
"Btn_Copy"= 0 (0x0)
"Btn_Paste"= 0 (0x0)
"Btn_Encoding"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoLogoff"= 0 (0x0)
"EnforceShellExtensionSecurity"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\12Voip]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Programmer\Messenger\MSMSGS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
--a------ 2008-02-26 11:10 317072 C:\Programmer\SPAMfighter\SFAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-16 09:01 68856 C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipDiscount]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programmer\\Support.com\\bin\\tgcmd.exe"=

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Programmer\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 00:45]
R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Programmer\SPAMfighter\sfus.exe [2008-02-26 11:10]
R2 WinDriver;WinDriver;C:\WINDOWS\system32\drivers\WINDRVR.SYS [2002-07-01 11:07]
S2 Automatisk LiveUpdate-planlægning;Automatisk LiveUpdate-planlægning;"C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2008-02-21 16:02]
S2 Winkwio;Winkwio;C:\WINDOWS\System32\Winkwio.exe []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-09 21:29:16 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmer\Windows Defender\MpCmdRun.exe
"2008-04-04 23:25:16 C:\WINDOWS\Tasks\Norton AntiVirus - Kør fuld systemskanning - Jan Thulstrup.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 23:45:14
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-09 23:46:54
ComboFix-quarantined-files.txt 2008-04-09 21:46:28
ComboFix2.txt 2008-02-08 12:26:36
Pre-Run: 9,777,528,832 byte ledig
Post-Run: 9,768,386,560 byte ledig
.
2008-03-29 16:33:17 --- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 19:32:27, on 09-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Programmer\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmer\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmer\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Microsoft Office\Office10\msoffice.exe
C:\PROGRA~1\FÆLLES~1\SYMANT~1\SECURI~1\NSCSRVCE.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\CCleaner\ccleaner.exe
C:\Documents and Settings\Jan Thulstrup\Lokale indstillinger\Temporary Internet Files\Content.IE5\ANHGW1KS\alternativ[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tdconline.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmer\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar4.dll
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [NBJ] "C:\Programmer\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.thaiairways.com
O15 - Trusted IP range: http://203.170.161.80
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://130.228.229.80/homeskyline/TEInstall/TE.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://gandalf.certifikat.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/169b4149d00438d20321/netzip/RdxIE601.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121719743443
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207226794123
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/20011223/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {7AEBACC1-D7E4-4360-B520-6DA4C565B42C} (UploaderCtrl Class) - http://foto.tdconline.dk/upload-classes/Uploader.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedContent/sc/bin/cabsa.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B351DFF1-CFBE-4C39-BF91-CBD5B4869A85}: NameServer = 85.255.113.90,85.255.112.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Programmer\SPAMfighter\sfus.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Programmer\Fælles filer\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Winkwio - Unknown owner - C:\WINDOWS\System32\Winkwio.exe (file missing)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/09/2008 at 09:50 PM

Application Version : 4.0.1154

Core Rules Database Version : 3434
Trace Rules Database Version: 1426

Scan type : Complete Scan
Total Scan Time : 01:25:38

Memory items scanned : 169
Memory threats detected : 0
Registry items scanned : 5585
Registry threats detected : 0
File items scanned : 23446
File threats detected : 2

Adware.Tracking Cookie
C:\Documents and Settings\Jan Thulstrup\Cookies\jan_thulstrup@adtech[1].txt

Trojan.Fake-Drop/Gen
C:\SYSTEM VOLUME INFORMATION\_RESTORE{198A4A80-7F33-4BB9-A958-32A32995465A}\RP876\A0084482.EXE

Synes godt om

Computer Hjælp (Gratis) Mester

10. april 2008 - 08:44 #3

YFFER PYFFER - den er også nogle meget Uønskede elementer/linier!!!

---------------------

Klik på Start->Kør skriv Services.msc og klik OK.
Find Tjenesten
* Winkwio - Unknown owner
stop den hvis den kører, højreklik på den og vælg Starttype Deaktiveret.

---------------------

Under dette fix vil computeren blive genstartet, og du bør derfor printe vejledningen ud, for at have den ved din side under hele fixet. Fixet skal bruge adgang til internettet, så det skal du sikre dig, at der er.

1. Hent FixWareout fra et af disse links:

http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

2. Gem filen på dit Skrivebord og dobbeltklik på den. Klik Next -> Install og check, at der er et flueben i "Run fixit" - klik herefter på Finish. Fixet vil nu starte, og du skal blot følge instruktionerne. Du vil blive bedt om at genstarte din computer - gør venligst det. Genstarten vil tage lidt længere tid end normalt...

---------------------

3. Når dit system genstarter skal du fortsat følge den vejledning, der gives på skærmen. Når fixet er færdigt vil der åbnes en log (report.txt), som du skal gemme og lægge herind i næste post.

4. Kør herefter HijackThis - klik på "Do a systemscan only", og sæt et flueben ud for følgende linier - luk øvrige programvinduer - klik "Fix checked":

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Programmer\Ahead\Nero BackItUp\NBJ.exe"

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{B351DFF1-CFBE-4C39-BF91-CBD5B4869A85}: NameServer = 85.255.113.90,85.255.112.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Winkwio - Unknown owner - C:\WINDOWS\System32\Winkwio.exe (file missing)

5. Luk HJT og klik på OK for at fortsætte. Genstart din computer, og kopier indholdet af C:\fixwareout\report.txt herind sammen med en frisk HijackThis log.

--------------------------------------------------
Hvis du får en fejl ang. manglende autoexec.nt
Prøv lige at finde c:\windows\repair\autoexec.nt, kopier den over i C:\windows\system32.
----------------------------------------------

---------------------

Registreringsdatabase oprydning ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Specielt punktet [Register]...)
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller NEJ til den.

---------------------

Bemærk at HiJackThis.exe programmet skal gemmes i en dertil oprettet mappe og IKKE køres direkte fra nettet...

PS: Brug denne version af HJT -> http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.exe

Synes godt om

taoist Nybegynder

10. april 2008 - 10:19 #4

hej larry
i hijackthis, hvor jeg skal sætte fluben i,findes der slet ikke nogen 017-HKLM, samt 023-service:Winkwio

Synes godt om

Computer Hjælp (Gratis) Mester

10. april 2008 - 10:38 #5

... det kan ske at nogle linier/elementer er blevet 'fixet' vha FixWareout trixet...

Sæt fluepin i de resterende osv osv ...

Synes godt om

taoist Nybegynder

10. april 2008 - 11:21 #6

Username "Jan Thulstrup" - 10-04-2008 9:49:26 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.113.90 85.255.112.5" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{B351DFF1-CFBE-4C39-BF91-CBD5B4869A85}
"nameserver"="85.255.113.90,85.255.112.5" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{1A434DE7-5B24-44FF-884E-03F52576C2C1}
"DhcpNameServer"="85.255.113.90,85.255.112.5" <Value cleared.

DNS Resolver Cache blev tømt.

System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"hcenter"="\"C:\\Programmer\\Support.com\\bin\\tgcmd.exe\" /server /startmonitor "
"RemoteControl"="C:\\Programmer\\CyberLink\\PowerDVD\\PDVDServ.exe"
"ccApp"="\"C:\\Programmer\\Fælles filer\\Symantec Shared\\ccApp.exe\""
"OpwareSE2"="\"C:\\Programmer\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""
"Windows Defender"="\"C:\\Programmer\\Windows Defender\\MSASCui.exe\" -hide"
"Symantec PIF AlertEng"="\"C:\\Programmer\\Fælles filer\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Programmer\\Fælles filer\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"QuickTime Task"="\"C:\\Programmer\\QuickTime\\qttask.exe\" -atboottime"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"SunJavaUpdateSched"="\"C:\\Programmer\\Java\\jre1.6.0_05\\bin\\jusched.exe\""
"Adobe Photo Downloader"="\"C:\\Programmer\\Adobe\\Photoshop Elements 6.0\\apdproxy.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Programmer\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"SPAMfighter Agent"="\"C:\\Programmer\\SPAMfighter\\SFAgent.exe\" update delay 60"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="\"C:\\Programmer\\Ahead\\Nero BackItUp\\NBJ.exe\""
"MSMSGS"="\"C:\\Programmer\\Messenger\\msmsgs.exe\" /background"
"swg"="C:\\Programmer\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"SUPERAntiSpyware"="C:\\Programmer\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

Jeg så ikke jeg skule bruge versionen trendsecure så denne er fra artikel 1123, jeg har så også taget den anden fra trendsecure, den kommer nedenunder, håber det er ok

Logfile of HijackThis v1.99.1
Scan saved at 10:50:00, on 10-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Programmer\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmer\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Microsoft Office\Office10\msoffice.exe
C:\PROGRA~1\FÆLLES~1\SYMANT~1\SECURI~1\NSCSRVCE.EXE
C:\Documents and Settings\Jan Thulstrup\Skrivebord\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tdconline.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmer\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar4.dll
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.thaiairways.com
O15 - Trusted IP range: http://203.170.161.80
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://130.228.229.80/homeskyline/TEInstall/TE.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://gandalf.certifikat.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/169b4149d00438d20321/netzip/RdxIE601.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121719743443
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207226794123
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/20011223/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {7AEBACC1-D7E4-4360-B520-6DA4C565B42C} (UploaderCtrl Class) - http://foto.tdconline.dk/upload-classes/Uploader.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedContent/sc/bin/cabsa.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Programmer\SPAMfighter\sfus.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Programmer\Fælles filer\Symantec Shared\Support Controls\ssrc.exe

her er så den fra trendsecure

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:11, on 10-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Programmer\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmer\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Microsoft Office\Office10\msoffice.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\FÆLLES~1\SYMANT~1\SECURI~1\NSCSRVCE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tdconline.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmer\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar4.dll
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.thaiairways.com
O15 - Trusted IP range: http://203.170.161.80
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://130.228.229.80/homeskyline/TEInstall/TE.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://gandalf.certifikat.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/169b4149d00438d20321/netzip/RdxIE601.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121719743443
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207226794123
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/20011223/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {7AEBACC1-D7E4-4360-B520-6DA4C565B42C} (UploaderCtrl Class) - http://foto.tdconline.dk/upload-classes/Uploader.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedContent/sc/bin/cabsa.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Programmer\SPAMfighter\sfus.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Programmer\Fælles filer\Symantec Shared\Support Controls\ssrc.exe
O24 - Desktop Component 0: (no name) - http://www.banktrelleborg.dk/file.asp?id=89

--
End of file - 11527 bytes

(skal jeg så køre regcleaner og spywarefri nu, under oprydning af registreringsdatabase)

Synes godt om

taoist Nybegynder

10. april 2008 - 11:27 #7

jeg kan ikke lide at 024-desktop, ligger her til ofentlig beskuelse, hva' siger du

Synes godt om

Computer Hjælp (Gratis) Mester

10. april 2008 - 12:10 #8

BINGO ... der er ryddet op!

Hvordan kører putteren så nu ?

PS: "024-desktop" viser ike noget personligt for os andre ...

Synes godt om

taoist Nybegynder

10. april 2008 - 14:53 #9

kører perfekt, tak for det. 200 point til dig

hvilket virusprogram,firewall vil du anbefale, har norton pt

Synes godt om

Computer Hjælp (Gratis) Mester

10. april 2008 - 16:15 #10

Der er ikke mere 'snavs' ifølge din Log...

Du er velkommen en anden gang...

Efter sådan en tur er det altid en god ide og rydde op i systemgendannelsesfilerne.
Deaktiver systemgendannelse -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Genstart din computer - aktiver systemgendannelse. Dette gøres samme sted, hvor du deaktiverede, denne gang skal du blot aktivere.
Det vil også være en god idé manuelt at oprette et nyt punkt, som du kan navngive, og vende tilbage til, hvis du skulle få problemer af nogen art.

Et par artikler om sikker surfing finder du her:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...

Synes godt om

Computer Hjælp (Gratis) Mester

10. april 2008 - 16:16 #11

Behold du foreløbig bare Symantec/Norton - hvis den stadig virker/kan opdateres...

Synes godt om

Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Følg dette spørgsmål

Opret Preview

Se alle it-kurser fra Computerworld Kurser

IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel	Indlæg	Oprettet	Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus	22	26/11/202510:42	23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus	8	31/08/202519:08	01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus	10	03/02/202514:20	04/02/202511:05
mulig ukendt virus Af jackie18 i Virus	3	18/01/202514:07	18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus	13	18/01/202511:40	20/01/202517:53

Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten

Seneste artiklerRSS

09/01

Folk frygtede, at Google ville ende som Nokia - her er historien om, hvordan søgegiganten pludselig blev den stærkeste AI-spiller på kloden

09/01

Prøvekørt: Renault 4 E-Tech er et retro-offensiv, der ikke glemmer det praktiske

09/01

Kinas cyberoffensiv mod USA viser, hvor sårbar den digitale supermagt er

09/01

Nørgaard: Nørgaard: Mit mål i dag er at bringe jer gode nyheder, der får smilet frem

09/01

Kunderne undrer sig: Microsoft har i al stilhed skrottet særlig licens i Power Platform

09/01

Sådan skaber du den perfekte it-struktur ifølge Gartner - uden at kvæle innovation og øge cyberrisiko

09/01

Efter markant kritik fra kunder: Microsoft skrotter plan om loft i Exchange

09/01

IBM Danmark vinder hemmeligholdt udbud hos Forsvarsministeriet: Var eneste selskab der bød

09/01

Bøger: Fem fremragende bud på ny sci-fi

09/01

Digital rådgiver på 71 år har ingen planer om at stoppe med at arbejde: ”Jeg har oplevet nogle, der følte sig gamle som 35-årige”

09/01

AI-funktioner rulles ud til tre milliarder Gmail-brugere: Du skal selv slå det fra, hvis du ikke er interesseret

Vis flere artikler

IT-JOB

Solvencytool ApS

Strategisk og operationel Chief Information Security Officer til SolvencyTool

Capgemini Danmark A/S

Management Consultant

Forsvaret

Flyverkommandoens Air Warfare afdeling søger en cyber-ekspert med flair for programmering, AI og trådløse forbindelser

IT-Forsyningen I/S

It-arkitekt

Banedanmark

Netværksarkitekt til IT Sikkerhed og Infrastruktur

Vis flere jobs

Seneste spørgsmål Seneste aktivitet

I dag 12:00	Ekstern harddisk frsvundet Af barth i NAS & storage
I går 15:51	Slet album i Google foto Af gerhardpet i Andet software
09/0108:19	Gendan W10 efter nulstillet computer Af barth i Andet software
08/0112:38	Kopiere fra stifinder Af hkprofil i Office & Kontorpakker
07/0118:18	jpg til jpeg Af Nysum i Billedbehandling

White papers

IT i front: Sådan bliver netværk en strategisk driver
TDC Erhverv
Undgå at printeren bliver svageste led i sikkerheden
Konica Minolta
Er I klar til at tage næste skridt på den digitale retailrejse?
TDC Erhverv
Undersøgelse: Datakontrol rykker helt op på direktionsniveau
ScanNet

Flere white papers »