Søg
Avatar billede sascha Nybegynder
22. juni 2008 - 21:42 Der er 12 kommentarer og
1 løsning

3 logs til gennemsyn

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/22/2008 at 09:26 PM

Application Version : 4.0.1154

Core Rules Database Version : 3487
Trace Rules Database Version: 1404

Scan type      : Complete Scan
Total Scan Time : 00:23:38

Memory items scanned      : 514
Memory threats detected  : 1
Registry items scanned    : 6666
Registry threats detected : 0
File items scanned        : 20156
File threats detected    : 5

Trojan.Downloader-NewJuan/VM
    C:\WINDOWS\SYSTEM32\TBXTNOHT.DLL
    C:\WINDOWS\SYSTEM32\TBXTNOHT.DLL

Rogue.AntiSpywareExpert
    C:\DOCUMENTS AND SETTINGS\HP_EJER\DOKUMENTER\ASE_SETUP_FREE_DK.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP775\A0368833.EXE

Adware.Lop
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP744\A0359120.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP775\A0368837.EXE

ComboFix 08-06-20.4 - HP_Ejer 2008-06-22 20:27:15.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.140 [GMT 2:00]
Running from: C:\Documents and Settings\HP_Ejer\Skrivebord\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programmer\AntiSpywareExpert
C:\WINDOWS\BMe31c6b68.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\abmplhck.ini
C:\WINDOWS\system32\AGjknUtv.ini
C:\WINDOWS\system32\cddwpeyf.ini
C:\WINDOWS\system32\ceghmsri.dll
C:\WINDOWS\system32\cjrecnow.ini
C:\WINDOWS\system32\dclqiejh.dll
C:\WINDOWS\system32\dwubtlhw.dll
C:\WINDOWS\system32\erhqbxdj.dll
C:\WINDOWS\system32\erllucyt.ini
C:\WINDOWS\system32\gaqwaqhx.ini
C:\WINDOWS\system32\hemlrhsx.ini
C:\WINDOWS\system32\hskhpwcj.dll
C:\WINDOWS\system32\iPXFgfii.ini
C:\WINDOWS\system32\iPXFgfii.ini2
C:\WINDOWS\system32\itfcasuw.dll
C:\WINDOWS\system32\iyaohjys.ini
C:\WINDOWS\system32\jbovvwqn.dll
C:\WINDOWS\system32\laghakwv.dll
C:\WINDOWS\system32\lsnqevea.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mhtlebfg.dll
C:\WINDOWS\system32\ndmkwfep.dll
C:\WINDOWS\system32\niiwcfhe.ini
C:\WINDOWS\system32\opnmKBsR.dll
C:\WINDOWS\system32\pqxjyssx.dll
C:\WINDOWS\system32\qjgdiscd.ini
C:\WINDOWS\system32\rqxsdtbq.ini
C:\WINDOWS\system32\RsBKmnpo.ini
C:\WINDOWS\system32\RsBKmnpo.ini2
C:\WINDOWS\system32\somssnlx.dll
C:\WINDOWS\system32\urqNEXQK.dll
C:\WINDOWS\system32\vhwmdgfq.dll
C:\WINDOWS\system32\vtUkiFxY.dll
C:\WINDOWS\system32\vwfkxjgl.dll
C:\WINDOWS\system32\wccynlib.dll
C:\WINDOWS\system32\wougnqqd.dll
C:\WINDOWS\system32\wurnfgat.dll
C:\WINDOWS\system32\yenpnluc.ini
C:\WINDOWS\system32\ykhtwqmw.ini
C:\WINDOWS\system32\YxFikUtv.ini
C:\WINDOWS\system32\YxFikUtv.ini2

.
(((((((((((((((((((((((((  Files Created from 2008-05-22 to 2008-06-22  )))))))))))))))))))))))))))))))
.

2008-06-22 18:21 . 2008-06-22 18:21    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-06-22 18:20 . 2005-03-30 20:04    <DIR>    d--------    C:\Documents and Settings\Administrator\WINDOWS
2008-06-22 18:20 . 2005-03-30 20:10    <DIR>    d--------    C:\Documents and Settings\Administrator\Skrivebord
2008-06-22 18:20 . 2005-01-01 10:02    <DIR>    d--h-----    C:\Documents and Settings\Administrator\Skabeloner
2008-06-22 18:20 . 2004-12-03 22:17    <DIR>    d--h-----    C:\Documents and Settings\Administrator\Printere
2008-06-22 18:20 . 2005-01-01 10:00    <DIR>    dr-------    C:\Documents and Settings\Administrator\Menuen Start
2008-06-22 18:20 . 2008-06-22 20:32    <DIR>    d--h-----    C:\Documents and Settings\Administrator\Lokale indstillinger
2008-06-22 18:20 . 2005-01-01 10:00    <DIR>    dr-------    C:\Documents and Settings\Administrator\Foretrukne
2008-06-22 18:20 . 2005-01-01 10:00    <DIR>    dr-------    C:\Documents and Settings\Administrator\Dokumenter
2008-06-22 18:20 . 2005-03-30 20:21    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\Symantec
2008-06-22 18:20 . 2005-03-30 20:13    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\SampleView
2008-06-22 18:20 . 2005-03-30 20:03    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-06-22 18:20 . 2004-12-03 22:17    <DIR>    d--h-----    C:\Documents and Settings\Administrator\Andre computere
2008-06-22 18:20 . 2008-06-22 18:20    <DIR>    d--------    C:\Documents and Settings\Administrator
2008-06-22 18:06 . 2008-06-22 18:06    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-06-22 18:06 . 2008-06-22 18:06    <DIR>    d--------    C:\Documents and Settings\HP_Ejer\Application Data\SUPERAntiSpyware.com
2008-06-22 18:06 . 2008-06-22 18:06    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-22 16:44 . 2008-06-22 16:44    <DIR>    d--------    C:\Documents and Settings\HP_Ejer\Application Data\SuperAdBlocker.com
2008-06-22 16:42 . 2008-06-22 16:52    <DIR>    d--------    C:\Programmer\SuperAdBlocker.com
2008-06-22 16:20 . 2008-06-22 16:20    101,728    --a------    C:\WINDOWS\system32\tbxtnoht.dll
2008-06-22 16:17 . 2008-06-22 16:17    84,336    --a------    C:\WINDOWS\system32\tycullre.dll
2008-06-22 16:15 . 2008-06-22 16:15    90,464    --a------    C:\WINDOWS\system32\htykclcj.dll
2008-06-21 19:49 . 2008-06-21 19:55    <DIR>    d--------    C:\Programmer\SPYWAREfighter
2008-06-21 19:49 .     <DIR>        C:\Programmer\Fælles filer\Application
2008-06-21 19:13 . 2008-06-21 19:13    101,728    --a------    C:\WINDOWS\system32\ygoigopl.dll
2008-06-21 19:11 . 2008-06-21 19:11    90,464    --a------    C:\WINDOWS\system32\orqrrfyx.dll
2008-06-21 12:03 . 2008-06-21 12:03    101,728    --a------    C:\WINDOWS\system32\tiqdmyty.dll
2008-06-21 12:00 . 2008-06-21 12:00    90,464    --a------    C:\WINDOWS\system32\cwyedvqh.dll
2008-06-21 11:45 . 2008-06-21 11:45    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2008-06-21 11:45 . 2008-06-21 11:45    1,409    --a------    C:\WINDOWS\QTFont.for
2008-06-20 12:35 . 2008-06-20 12:35    <DIR>    d--------    C:\Documents and Settings\HP_Ejer\.oces
2008-06-20 12:18 . 2008-06-20 12:18    <DIR>    d--------    C:\Programmer\TDC
2008-06-20 12:18 . 2008-06-20 12:18    <DIR>    d--------    C:\Documents and Settings\HP_Ejer\Application Data\Cryptomathic
2008-06-20 12:17 .     <DIR>        C:\Programmer\Fælles filer\Wise Installation Wizard
2008-06-20 11:59 . 2008-06-20 11:59    90,320    --a------    C:\WINDOWS\system32\djehmaxa.dll
2008-06-19 23:00 . 2008-06-19 23:00    90,320    --a------    C:\WINDOWS\system32\vkvnjfpk.dll
2008-06-19 22:57 . 2008-06-19 22:57    90,320    --a------    C:\WINDOWS\system32\nloudaof.dll
2008-06-19 22:44 . 2008-06-19 22:44    90,320    --a------    C:\WINDOWS\system32\jofipqlp.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 18:38    ---------    d-----w    C:\Programmer\Fælles filer\Symantec Shared
2008-06-22 18:15    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\great coal love default
2008-06-22 15:42    ---------    d-----w    C:\Programmer\Google
2008-06-22 15:28    ---------    d-----w    C:\Documents and Settings\HP_Ejer\Application Data\Lavasoft
2008-06-21 19:00    ---------    d-----w    C:\Programmer\DivX
2008-06-21 18:53    ---------    d-----w    C:\Documents and Settings\HP_Ejer\Application Data\error ante
2008-06-21 18:53    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\road user wait locks
2008-06-15 15:38    ---------    d-----w    C:\Programmer\EA GAMES
2008-06-13 16:28    ---------    d-----w    C:\Programmer\Norton Internet Security
2008-05-14 15:15    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-12 11:47    ---------    d-----w    C:\Programmer\Java
2008-05-12 11:33    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-12 11:32    ---------    d-----w    C:\Programmer\Windows Live Toolbar
2008-05-12 11:17    354,560    ----a-w    C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-12 11:16    ---------    d-----w    C:\Documents and Settings\HP_Ejer\Application Data\TuneUp Software
2008-05-07 16:11    ---------    d-----w    C:\Programmer\Microsoft Visual Studio 8
2008-05-07 16:02    ---------    d-----w    C:\Programmer\Microsoft Works
2008-05-07 16:01    ---------    d-----w    C:\Programmer\MSBuild
2008-05-07 15:59    ---------    d-----w    C:\Programmer\Microsoft.NET
2008-05-05 19:58    ---------    d-----w    C:\Programmer\MSECache
2008-05-03 10:17    ---------    d-----w    C:\Programmer\MorpheusBar
2008-05-03 10:17    ---------    d-----w    C:\Programmer\Morpheus
2008-04-30 06:30    ---------    d-----w    C:\Programmer\error ante
2008-04-30 06:28    ---------    d-----w    C:\Documents and Settings\HP_Ejer\Application Data\LimeWire
2004-08-27 12:00    73,728    --sha-w    C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F44C9E5-3ADF-455E-A47C-DE675EAF770D}]
            C:\WINDOWS\system32\iifgFXPi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b37fb016-4b83-4c08-a19f-1a37e404cb04}]
2008-06-22 16:20    101728    --a------    C:\WINDOWS\system32\tbxtnoht.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Programmer\MessengerPlus! 3\MsgPlus.exe" [2006-04-11 11:44 190024]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 14:00 15360]
"SuperAdBlocker"="C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe" [2006-02-02 14:20 1429504]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-22 17:42 171448]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-29 22:23 4603904]
"nwiz"="nwiz.exe" [2004-09-29 22:23 921600 C:\WINDOWS\system32\nwiz.exe]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472]
"ccApp"="c:\Programmer\Fælles filer\Symantec Shared\ccApp.exe" [ ]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 22:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-02-03 18:42 100056]
"zBrowser Launcher"="C:\Programmer\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33 892928]
"MessengerPlus3"="C:\Programmer\MessengerPlus! 3\MsgPlus.exe" [2006-04-11 11:44 190024]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 19:03 36864 C:\WINDOWS\system32\P0620Pin.dll]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"spywarefighterguard"="C:\Programmer\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]

C:\Documents and Settings\Administrator\Menuen Start\Programmer\Start\
AutoTBar.exe [2003-09-30 21:30:04 57344]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Logitech SetPoint.lnk - C:\Programmer\Logitech\SetPoint\SetPoint.exe [2005-08-27 10:27:26 532480]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL [2005-02-15 16:01 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SABWinLogon]
C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL 2005-10-03 13:36 143360 C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArtoNotifier]
C:\Programmer\Arto\Notifier\ArtoNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASM]
C:\Programmer\AOL\Active Security Monitor\ASMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
--------- 2005-03-29 08:13 258048 C:\Programmer\Creative\Shared Files\CAMTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gram tray]
C:\DOCUME~1\HP_Ejer\APPLIC~1\ERRORA~1\moveamen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
--a------ 2004-06-07 21:26 655360 C:\WINDOWS\system32\hphmon06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
--a------ 2004-06-07 21:34 49152 c:\Programmer\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 1998-05-07 18:04 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 10:36 256576 C:\Programmer\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2005-02-02 17:44 61440 C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-10-23 23:18 443968 C:\Programmer\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Messenger\\msmsgs.exe"=
"C:\\Programmer\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmer\\MSN Messenger\\livecall.exe"=
"C:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=


.
Contents of the 'Scheduled Tasks' folder
"2008-06-22 18:40:59 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Programmer\TuneUp Utilities 2008\OneClickStarter.exe
"2008-06-22 16:00:00 C:\WINDOWS\Tasks\A29A5A359185CB1D.job"
- c:\docume~1\hp_ejer\applic~1\errora~1\NAMESAFEROAM.exe
"2007-08-30 07:20:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2008-05-23 18:00:19 C:\WINDOWS\Tasks\Norton AntiVirus - Skan Denne computer - HP_Ejer.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 20:41:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmer\Fælles filer\Symantec Shared\CCPROXY.EXE
C:\Programmer\Fælles filer\Symantec Shared\CCSETMGR.EXE
C:\Programmer\Norton Internet Security\ISSVC.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCEVTMGR.EXE
C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\Programmer\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\symwsc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\SPYWAREfighter\spfprc.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymSCUI.exe
.
**************************************************************************
.
Completion time: 2008-06-22 20:54:30 - machine was rebooted
ComboFix-quarantined-files.txt  2008-06-22 18:54:19

Pre-Run: 120,786,276,352 byte ledig
Post-Run: 120,728,621,056 byte ledig

255    --- E O F ---    2008-05-28 13:01:46

Logfile of HijackThis v1.99.1
Scan saved at 20:20:49, on 22-06-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
c:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
c:\Programmer\Norton Internet Security\ISSVC.exe
c:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\SPYWAREfighter\spftray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\SPYWAREfighter\spfprc.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\Documents and Settings\HP_Ejer\Skrivebord\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q105&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4F44C9E5-3ADF-455E-A47C-DE675EAF770D} - C:\WINDOWS\system32\iifgFXPi.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: (no name) - {AC0C9B81-7148-46C0-AAA2-5500A0B64525} - C:\WINDOWS\system32\urqNEXQK.dll
O2 - BHO: {40bc404e-73a1-f91a-80c4-38b4610bf73b} - {b37fb016-4b83-4c08-a19f-1a37e404cb04} - C:\WINDOWS\system32\tbxtnoht.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C57CA353-9D71-4EE0-874E-91D8E4A7D9B8} - C:\WINDOWS\system32\opnmKBsR.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\programmer\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmer\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120911203406
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135867744750
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_dk.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FLLESF~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: SABWinLogon - C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: urqNEXQK - C:\WINDOWS\SYSTEM32\urqNEXQK.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Programmer\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - c:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: SAVScan - Symantec Corporation - c:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programmer\SPYWAREfighter\spfprc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
Avatar billede Computer Hjælp (Gratis) Mester
22. juni 2008 - 21:55 #1
Jeg ser på den...
Avatar billede Computer Hjælp (Gratis) Mester
22. juni 2008 - 21:58 #2
Afinstaller

* Limewire
* Morpheus - Fildelingsprogram
* MorpheusBar

Grrrrr... Det er jo lige meget hvor meget folk har på af sikkerhed/opdateringer. Hvis de først begynder at 'lege' med P2P programmer - eller retterer relutater derfra - så er det lige vidt !!!
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

MessengerPlus! 3

via
[Start][Indstilninger][Kontrolpanel][Tilføj/fjern programmer]

Genstart for at fuldføre afinstalationen...

---------------------------------------

Og en frisk HiJackThis Log derefter ...

(Der ER mere 'snavs' men ovenstående først !!!)
Avatar billede sascha Nybegynder
22. juni 2008 - 22:03 #3
Ja jeg ved det godt, det er datterens
Avatar billede Computer Hjælp (Gratis) Mester
22. juni 2008 - 22:11 #4
"...Og en frisk HiJackThis Log derefter ......"
Avatar billede sascha Nybegynder
22. juni 2008 - 22:14 #5
Logfile of HijackThis v1.99.1
Scan saved at 22:12:21, on 22-06-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
c:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
c:\Programmer\Norton Internet Security\ISSVC.exe
c:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programmer\SPYWAREfighter\spftray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmer\SPYWAREfighter\spfprc.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
c:\Programmer\Fælles filer\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Documents and Settings\HP_Ejer\Skrivebord\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q105&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4F44C9E5-3ADF-455E-A47C-DE675EAF770D} - C:\WINDOWS\system32\iifgFXPi.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: {40bc404e-73a1-f91a-80c4-38b4610bf73b} - {b37fb016-4b83-4c08-a19f-1a37e404cb04} - C:\WINDOWS\system32\tbxtnoht.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\programmer\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmer\SPYWAREfighter\spftray.exe
O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\HP_Ejer\LOKALE~1\Temp\MsgPlusUninst.bat"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120911203406
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135867744750
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_dk.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FLLESF~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: SABWinLogon - C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Programmer\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - c:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: SAVScan - Symantec Corporation - c:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programmer\SPYWAREfighter\spfprc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
Avatar billede Computer Hjælp (Gratis) Mester
23. juni 2008 - 07:11 #6
En længere oprydnings mm. procedure ->

Klik på Start->Kør skriv Services.msc og klik OK.
Find Tjenesten
* Panda Process Protection Service (PavPrSrv)
stop den hvis den kører, højreklik på den og vælg Starttype Deaktiveret.

-----------------------------

-- Hent Avenger her:
http://swandog46.geekstogo.com/avenger.zip

-- Pak Avenger-programmet ud og dobbeltklik på avenger.exe

-- Der dukker et vindue op, hvor du skal kopiere indholdet mellem ~~~ skrift ind:

~~~~~~~~~~~~~~~~~~
Files to delete:
C:\WINDOWS\Tasks\A29A5A359185CB1D.job
C:\WINDOWS\Tasks\1-Click Maintenance.job
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\system32\djehmaxa.dll
C:\WINDOWS\system32\vkvnjfpk.dll
C:\WINDOWS\system32\nloudaof.dll
C:\WINDOWS\system32\jofipqlp.dll
C:\WINDOWS\system32\ygoigopl.dll
C:\WINDOWS\system32\orqrrfyx.dll
C:\WINDOWS\system32\tiqdmyty.dll
C:\WINDOWS\system32\cwyedvqh.dll
C:\WINDOWS\system32\htykclcj.dll
C:\WINDOWS\system32\tycullre.dll
C:\WINDOWS\system32\iifgFXPi.dll
C:\WINDOWS\system32\urqNEXQK.dll
C:\WINDOWS\system32\opnmKBsR.dll

Folders to delete:
C:\Programmer\MessengerPlus! 3\
c:\docume~1\hp_ejer\applic~1\errora~1\
C:\Documents and Settings\HP_Ejer\Application Data\LimeWire
C:\Programmer\Limewire
C:\Programmer\error ante
C:\Programmer\Morpheus
C:\Programmer\MorpheusBar
C:\Documents and Settings\All Users\Application Data\road user wait locks
C:\Documents and Settings\HP_Ejer\Application Data\error ante
C:\Documents and Settings\All Users\Application Data\great coal love default
C:\Programmer\Fælles filer\Panda Software\
C:\Programmer\Panda Software\

~~~~~~~~~~~~~~~~~~

-- Klik på EXECUTE - og la' PC'en selv genstarte.

-- Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar.

-- Kør Hijackthis, vælg "Do a system scan only", sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q105&bd=pavilion&pf=desktop
O2 - BHO: (no name) - {4F44C9E5-3ADF-455E-A47C-DE675EAF770D} - C:\WINDOWS\system32\iifgFXPi.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: {40bc404e-73a1-f91a-80c4-38b4610bf73b} - {b37fb016-4b83-4c08-a19f-1a37e404cb04} - C:\WINDOWS\system32\tbxtnoht.dll (file missing)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\programmer\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\HP_Ejer\LOKALE~1\Temp\MsgPlusUninst.bat"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe (file missing)

Genstart computeren, og lav en ny log med Hijackthis, som du lægger herind sammen med loggen fra Avenger.

-----------------------------

Registreringsdatabase oprydning ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Specielt punktet [Register]...)
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller *NEJ* til den.
Avatar billede sascha Nybegynder
23. juni 2008 - 13:29 #7
Der dukker et vindue op, hvor du skal kopiere indholdet mellem ~~~ skrift ind:
Den linie forstår jeg ikke.

Da jeg var ved at lukke datterens comp. igår aftes kom norton frem og sagde den havde fundet en "downloader virus"
Avatar billede sascha Nybegynder
23. juni 2008 - 16:10 #8
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\Tasks\A29A5A359185CB1D.job" deleted successfully.
File "C:\WINDOWS\Tasks\1-Click Maintenance.job" deleted successfully.
File "C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" deleted successfully.
File "C:\WINDOWS\system32\djehmaxa.dll" deleted successfully.
File "C:\WINDOWS\system32\vkvnjfpk.dll" deleted successfully.
File "C:\WINDOWS\system32\nloudaof.dll" deleted successfully.
File "C:\WINDOWS\system32\jofipqlp.dll" deleted successfully.
File "C:\WINDOWS\system32\ygoigopl.dll" deleted successfully.
File "C:\WINDOWS\system32\orqrrfyx.dll" deleted successfully.
File "C:\WINDOWS\system32\tiqdmyty.dll" deleted successfully.
File "C:\WINDOWS\system32\cwyedvqh.dll" deleted successfully.
File "C:\WINDOWS\system32\htykclcj.dll" deleted successfully.
File "C:\WINDOWS\system32\tycullre.dll" deleted successfully.

Error:  file "C:\WINDOWS\system32\iifgFXPi.dll" not found!
Deletion of file "C:\WINDOWS\system32\iifgFXPi.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\urqNEXQK.dll" not found!
Deletion of file "C:\WINDOWS\system32\urqNEXQK.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\opnmKBsR.dll" not found!
Deletion of file "C:\WINDOWS\system32\opnmKBsR.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  folder "C:\Programmer\MessengerPlus! 3" not found!
Deletion of folder "C:\Programmer\MessengerPlus! 3" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Folder "c:\docume~1\hp_ejer\applic~1\errora~1" deleted successfully.
Folder "C:\Documents and Settings\HP_Ejer\Application Data\LimeWire" deleted successfully.

Error:  folder "C:\Programmer\Limewire" not found!
Deletion of folder "C:\Programmer\Limewire" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Folder "C:\Programmer\error ante" deleted successfully.
Folder "C:\Programmer\Morpheus" deleted successfully.
Folder "C:\Programmer\MorpheusBar" deleted successfully.
Folder "C:\Documents and Settings\All Users\Application Data\road user wait locks" deleted successfully.

Error:  folder "C:\Documents and Settings\HP_Ejer\Application Data\error ante" not found!
Deletion of folder "C:\Documents and Settings\HP_Ejer\Application Data\error ante" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Folder "C:\Documents and Settings\All Users\Application Data\great coal love default" deleted successfully.
Folder "C:\Programmer\Fælles filer\Panda Software" deleted successfully.

Error:  folder "C:\Programmer\Panda Software" not found!
Deletion of folder "C:\Programmer\Panda Software" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Completed script processing.

*******************

Finished!  Terminate.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07:38, on 23-06-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
c:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Programmer\Norton Internet Security\ISSVC.exe
c:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programmer\SPYWAREfighter\spftray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmer\SPYWAREfighter\spfprc.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\programmer\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmer\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120911203406
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135867744750
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_dk.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Programmer\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - c:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: SAVScan - Symantec Corporation - c:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programmer\SPYWAREfighter\spfprc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 10379 bytes
Avatar billede Computer Hjælp (Gratis) Mester
23. juni 2008 - 18:07 #9
Det har du da klaret fint nok *S* !

Lige lidt extra 'oprydning' ->

O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe (file missing)

... skal lige 'fixes' i HiJackThis på samme vis som tidligere ...

-------

Hvordan kører PC'en så nu ?
Avatar billede Slettet bruger
23. juni 2008 - 19:09 #10
@ Karise Larry, har set du bruger det her tegn meget, hvad betyder det? *S*
Avatar billede sascha Nybegynder
23. juni 2008 - 19:17 #11
Den første linie kan jeg ikke finde, MEN når det er sagt så er al popup væk. Den kører også væsentlig hurtigere. Mange tak for hjælpen. Udover points burde du også ha' en flaske vin. Lig et svar
Avatar billede Computer Hjælp (Gratis) Mester
23. juni 2008 - 19:25 #12
Der er ikke mere 'snavs' ifølge din Log...

Du er velkommen en anden gang...

Efter sådan en tur er det altid en god ide og rydde op i systemgendannelsesfilerne.
Deaktiver systemgendannelse -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Genstart din computer - aktiver systemgendannelse. Dette gøres samme sted, hvor du deaktiverede, denne gang skal du blot aktivere.
Det vil også være en god idé manuelt at oprette et nyt punkt, som du kan navngive, og vende tilbage til, hvis du skulle få problemer af nogen art.

Et par artikler om sikker surfing finder du her:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...

--------------

Registreringsdatabase oprydning ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Specielt punktet [Register]...)
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller *NEJ* til den.

--------------

Husk M$ ServicePack3 til XP -> http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=da (Husk at vælge sprog) Download pakken til en passende placering og DERFRA instalere pakken. Vil nok ta' sin tid!!! + en lille efterfølgende WindowsUpdate
http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=da
Avatar billede Computer Hjælp (Gratis) Mester
23. juni 2008 - 19:28 #13
[Chat-forkortelser] ->
http://home19.inet.tele.dk/wos-to/

*KMPLAG*
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus 22 26/11/202510:42 23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus 8 31/08/202519:08 01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 14:46 Offline opdatering af co-working excell sheet Af morten vestergaard i Excel
27/1222:02 Låse brugt iPad op Af drstein i iOS, iPhone & iPad
27/1219:21 Hvor finder jeg en oversigt over mine spørgsmål Af KurtG i Hjælp og fejl
27/1211:31 TP-Link Wifi extender opsat som accesspoint giver 50% up- og download, Af Uvanga i Wifi
26/1213:05 Hvorfor bliver tiff-filer større ved konvertering til samme format Af KurtG i Billedbehandling
White papers
Flere white papers »