jk- Beginner
19 August 2008 - 18:19 There are 9 comments and
1 solution

Do I have more spyware?

I have run 3 programs now:

SUPERAntiSpyware
ComboFix
HijackThis.

Will you check whether there is more on this machine? Thanks!

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/18/2008 at 11:48 PM

Application Version : 4.0.1154

Core Rules Database Version : 3539
Trace Rules Database Version: 1528

Scan type      : Complete Scan
Total Scan Time : 00:44:30

Memory items scanned      : 170
Memory threats detected  : 0
Registry items scanned    : 4742
Registry threats detected : 1
File items scanned        : 19152
File threats detected    : 94

Adware.UpMedia/SearchTool
    HKU\S-1-5-21-538075767-1149290911-594743236-1004\Software\UptownInstaller

Adware.Tracking Cookie

Trojan.VXGame-Variant/D
    D:\05AKSC\2.G\AT10 VIDENSKAB OG ANSVAR\BC31\DEMOUNIN\UNINST.EXE

Trace.Known Threat Sources




ComboFix 08-08-18.05 - Kamille 2008-08-19 17:35:50.2 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.158 [GMT 2:00]
Running from: C:\Documents and Settings\Kamille\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Kamille\UserData
C:\Documents and Settings\Kamille\UserData\index.dat
C:\WINDOWS\system32\UpMedia

.
(((((((((((((((((((((((((  Files Created from 2008-07-19 to 2008-08-19  )))))))))))))))))))))))))))))))
.

2008-08-18 22:28 . 2008-08-18 22:28    <DIR>    d--------    C:\Programmer\CCleaner
2008-08-18 22:27 . 2008-08-18 22:27    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-18 22:26 . 2008-08-18 22:27    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-08-18 22:26 . 2008-08-18 22:27    <DIR>    d--------    C:\Documents and Settings\Kamille\Application Data\SUPERAntiSpyware.com
2008-08-18 22:25 . 2008-08-18 22:25    <DIR>    d--------    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-08-01 21:29 . 2008-08-01 21:29    268    --ah-----    C:\sqmdata01.sqm
2008-08-01 21:29 . 2008-08-01 21:29    244    --ah-----    C:\sqmnoopt01.sqm

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 20:32    253,952    ----a-w    C:\WINDOWS\system32\es.dll
2008-07-07 20:32    253,952    ----a-w    C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:24    74,240    ----a-w    C:\WINDOWS\system32\mscms.dll
2008-06-24 16:24    74,240    ----a-w    C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 09:49    18,432    ----a-w    C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-20 17:42    246,784    ----a-w    C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:42    246,784    ----a-w    C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:42    148,992    ----a-w    C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45    360,320    ----a-w    C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45    360,320    ----a-w    C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44    138,368    ----a-w    C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44    138,368    ----a-w    C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52    225,920    ----a-w    C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52    225,920    ----a-w    C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 18:00    272,256    ------w    C:\WINDOWS\system32\dllcache\bthport.sys
2008-03-25 06:57    44,608    ----a-w    C:\Documents and Settings\Kamille\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"epm-dm"="c:\acer\epm\epm-dm.exe" [2004-12-21 12:41 176128]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 05:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FÆLLES~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Microsoft Firewall Client Management.lnk - C:\Programmer\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-12-09 19:04:10 117568]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmer\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Gyldendals Røde Ordbøger.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Gyldendals Røde Ordbøger.lnk
backup=C:\WINDOWS\pss\Gyldendals Røde Ordbøger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-27 05:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\epm-dm]
--a------ 2004-12-21 12:41 176128 c:\Acer\ePM\EPM-DM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePowerManagement]
--a------ 2004-12-08 14:01 2889216 C:\Acer\ePM\ePM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2003-10-02 14:19 118784 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2003-10-02 14:37 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-27 05:00 208952 C:\WINDOWS\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
--------- 2002-10-14 15:07 57344 C:\Programmer\Lexmark X74-X75\lxbbbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2004-10-01 16:46 262144 C:\PROGRA~1\LAUNCH~1\LManager.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--------- 2003-03-19 00:39 184320 C:\Programmer\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Programmer\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Programmer\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-27 05:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-27 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-27 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Programmer\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-21 11:52 40960 C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-02-29 16:03 1481968 C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2004-08-12 15:12 684032 C:\Programmer\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-08-12 15:13 102400 C:\Programmer\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-05-15 00:22 35328 C:\Programmer\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 19:20 866584 C:\Programmer\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-07-22 13:38 88361 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-07-27 17:01 68096 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Messenger\\MSMSGS.EXE"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmer\\iTunes\\iTunes.exe"=

R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2004-09-02 17:27]
R2 FwcAgent;Firewall Client Agent;C:\Programmer\Microsoft Firewall Client 2004\FwcAgent.exe [2006-12-09 19:04]
R3 IPN2220;acer IPN2220 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys [2004-03-29 17:23]
S2 q333bluoze;Print Spooler Service;C:\WINDOWS\system32\rofzh.exe []
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 14:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85d08b8f-6bf5-11dc-a0f7-000fb07c753a}]
\Shell\AutoRun\command - F:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-19 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Programmer\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-05-19 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)
MSConfigStartUp-vptray - C:\PROGRA~1\SYMANT~1\VPTray.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Kamille\Application Data\Mozilla\Firefox\Profiles\dvlp6t7f.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-19 17:37:22
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-19 17:37:53
ComboFix-quarantined-files.txt  2008-08-19 15:37:52

Pre-Run: 2,525,790,208 byte ledig
Post-Run: 2,529,902,592 byte ledig

171    --- E O F ---    2008-08-19 14:39:24



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:05, on 19-08-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Acer\eManager\anbmServ.exe
C:\acer\epm\epm-dm.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kamille\Skrivebord\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.100.16.110:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Programmer\Microsoft Firewall Client 2004\FwcMgmt.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Print Spooler Service (q333bluoze) - Unknown owner - C:\WINDOWS\system32\rofzh.exe (file missing)

--
End of file - 4946 bytes
19 August 2008 - 18:47 #1
Is it a server you have?
O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Programmer\Microsoft Firewall Client 2004\FwcMgmt.exe

http://www.microsoft.com/downloads/details.aspx?familyid=05c2c932-b15a-4990-b525-66380743da89&displaylang=en

--------

Uninstall
* QUICKfind

--------

Du ku' ta' en tur med dette ->

Hent og instalér CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller *NEJ* til den.
Lad programmet foretage en oprydning...

--------

Hent Malwarebytes Anti-Malware herfra:
http://www.besttechie.net/tools/mbam-setup.exe
Eller herfra ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.
Kopier indholdet herind sammen med en frisk log fra HiJackThis...
jk- Beginner
19 August 2008 - 19:33 #2
No! ;)

It is a laptop that is 4 years old
jk- Beginner
19 August 2008 - 19:35 #3
I have run CCleaner! I forgot to write that!

Just running Malwarebytes Anti-Malware now
jk- Beginner
19 August 2008 - 20:25 #4
Malwarebytes' Anti-Malware 1.25
Database version: 1071
Windows 5.1.2600 Service Pack 2

20:25:26 19-08-2008
mbam-log-08-19-2008 (20-25-26).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 113920
Tid tilbagelagt: 28 minute(s), 1 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)
jk- Beginner
19 August 2008 - 20:26 #5
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:05, on 19-08-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Acer\eManager\anbmServ.exe
C:\acer\epm\epm-dm.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Kamille\Skrivebord\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.100.16.110:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Programmer\Microsoft Firewall Client 2004\FwcMgmt.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Print Spooler Service (q333bluoze) - Unknown owner - C:\WINDOWS\system32\rofzh.exe (file missing)

--
End of file - 4944 bytes
19 August 2008 - 21:26 #6
Hmmm... I'm not really familiar with this [Microsoft Firewall Client 2004] and how it behaves on an ordinary laptop...

------------------------------------------------------------------------

Click Start->Run, type Services.msc and click OK.
Find the service (if it is there)
* Print Spooler Service (q333bluoze)
stop it if it is running, right-click it and set Startup type to Disabled.

------------------------------------------------------------------------

A bit of general cleanup.

Run a scan with HijackThis,
Below you are given some files that you need to fix. What you need to do is put a check mark next to these files. Once you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Also remember to close this window once you have marked the files. Now you may fix. Click Fix checked.

These are the ones to be fixed:

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe

O23 - Service: Print Spooler Service (q333bluoze) - Unknown owner - C:\WINDOWS\system32\rofzh.exe (file missing)

Restart normally...

------------------------------------------------------------------------

Remember M$ Service Pack 3 for XP -> http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=da + afterwards Windows Update http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=da - You seem to be missing quite a lot.
Even if you use Firefox!!!
johnstigers Senior Master
20 August 2008 - 10:57 #7
Also remember antivirus!!!
jk- Beginner
29 August 2008 - 01:27 #8
Now I have fixed the items you listed, installed SP3, and installed antivirus! And here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:27:21, on 29-08-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\acer\epm\epm-dm.exe
C:\Programmer\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programmer\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kamille\Skrivebord\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.100.16.110:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [egui] "C:\Programmer\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Programmer\Microsoft Firewall Client 2004\FwcMgmt.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmer\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 4725 bytes



Are we getting there now? ;)
29 August 2008 - 07:48 #9
BINGO - and you are fully updated!!!

Yes - you have reached the goal = 'clean' ...
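The two checks done by eye in this thread (spotting an entry such as the "Unknown owner" service whose file is missing, then comparing the log posted after "Fix checked" with the earlier one), as an added example that is not part of the original posts. The function names and the choice of excerpt lines are assumptions made for illustration; the entries themselves are copied from the logs above.

```python
import re

# Constructed excerpts: a few entries copied from the HijackThis logs in this thread.
BEFORE = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Print Spooler Service (q333bluoze) - Unknown owner - C:\WINDOWS\system32\rofzh.exe (file missing)
"""
AFTER = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
SERVICE = re.compile(r"^Service: .+? \((?P<name>[^()]+)\) - (?P<owner>.+?) - (?P<path>.+)$")

def parse(log):
    """Return (section, body) tuples for every entry line, e.g. ('O23', 'Service: ...')."""
    found = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [(m["section"], m["body"]) for m in found if m]

def triage(entries):
    """Flag entries that point at a missing file or a service with no readable vendor."""
    findings = []
    for section, body in entries:
        reasons = []
        if body.endswith(("(file missing)", "(no file)")):
            reasons.append("target file not on disk")
        svc = SERVICE.match(body) if section == "O23" else None
        if svc and svc["owner"] == "Unknown owner":
            reasons.append(f"no vendor for service '{svc['name']}'")
        if reasons:
            findings.append((section, body, reasons))
    return findings

def removed(before, after):
    """Entries present in the first log but absent from the second (what a fix took out)."""
    remaining = set(after)
    return [entry for entry in before if entry not in remaining]

if __name__ == "__main__":
    for section, body, reasons in triage(parse(BEFORE)):
        print(section, "|", body, "|", "; ".join(reasons))
    print("removed by fix:", [s for s, _ in removed(parse(BEFORE), parse(AFTER))])
```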
jk- Beginner
29 August 2008 - 08:08 #10
Thanks for your help, Karise_Larry :)
I sure appreciate your help!

Hope you have a good weekend! Well-deserved points to you!