tct (Beginner)
18 February 2006 - 17:20 There are 26 comments and 1 solution

Check of HijackThis log

Hi

Is there anyone who would check this log? The computer is running really slowly!

Logfile of HijackThis v1.99.1
Scan saved at 17:19:06, on 18/02/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System\msveup.exe
C:\Programmer\Medionkeyboard\1.3\MMKEYBD.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\VGh1ZSBUaG9tc2Vu\command.exe
c:\programmer\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\windows\winsysban9.exe
C:\WINDOWS\System32\ctfmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Programmer\Network Monitor\netmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Programmer\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Thue Thomsen\Skrivebord\hjt.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Programmer\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Programmer\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [.mscsbl] C:\WINDOWS\system\svhost.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmer\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Wins32 Online] cfgpwnz.exe
O4 - HKLM\..\Run: [Microsoft boot system cfg32] actboost.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [.msfupdate] C:\WINDOWS\System\msveup.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Programmer\Medionkeyboard\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd9.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban9.exe
O4 - HKLM\..\RunServices: [Wins32 Online] cfgpwnz.exe
O4 - HKLM\..\RunServices: [Microsoft boot system cfg32] actboost.exe
O4 - HKCU\..\Run: [Microsoft boot system cfg32] actboost.exe
O4 - HKCU\..\Run: [AutoExit] C:\Programmer\ASoft\AutoExit\AutoExit.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Programmer\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gem formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Tilpas RF menu - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Udfyld formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120331415265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\mvn8l95u1.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGh1ZSBUaG9tc2Vu\command.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programmer\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programmer\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
18 February 2006 - 18:24 #1
Do you know this article ->
"Unprotected PCs last 20 minutes" ->
http://forum.mib-eu.dk/forum_posts.asp?TID=44

You can confirm that now - there are >10 'dirt' items in your LOG...

However, I will let other HijackThis 'freaks' follow up...
fazli (Beginner)
19 February 2006 - 18:22 #2
Download SP1 and then follow these instructions
http://www.eksperten.dk/artikler/755
tct (Beginner)
20 February 2006 - 17:09 #3
---------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------

+ Oprettet den:            16:49:56, 20-02-2006
+ Rapport-Checksum:        5AB85986

+ Scanningsresultat:
    HKLM\SOFTWARE\Effective-i -> Adware.EffectiveBrandToolbar : Renset med backup
    HKLM\SOFTWARE\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Renset med backup
    HKLM\SOFTWARE\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Renset med backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCmore - The Search Accelerator -> Adware.UCmore : Renset med backup
    HKU\.DEFAULT\Software\Effective-i -> Adware.EffectiveBrandToolbar : Renset med backup
    HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Renset med backup
    HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Renset med backup
    HKU\S-1-5-21-790525478-602162358-725345543-500\Software\Effective-i -> Adware.EffectiveBrandToolbar : Renset med backup
    HKU\S-1-5-21-790525478-602162358-725345543-500\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Renset med backup
    HKU\S-1-5-21-790525478-602162358-725345543-500\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Renset med backup
    HKU\S-1-5-18\Software\Effective-i -> Adware.EffectiveBrandToolbar : Renset med backup
    HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Renset med backup
    HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Renset med backup
    [724] C:\WINDOWS\system32\cxmcat.dll -> Adware.Look2Me : Fejl under renselse
    :mozilla.48:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Ivwbox : Renset med backup
    :mozilla.67:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Onestat : Renset med backup
    :mozilla.68:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Onestat : Renset med backup
    :mozilla.102:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Esomniture : Renset med backup
    :mozilla.103:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Esomniture : Renset med backup
    :mozilla.104:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Esomniture : Renset med backup
    :mozilla.105:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Esomniture : Renset med backup
    :mozilla.107:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Esomniture : Renset med backup
    :mozilla.108:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Esomniture : Renset med backup
    :mozilla.109:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Esomniture : Renset med backup
    :mozilla.110:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Esomniture : Renset med backup
    :mozilla.121:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Esomniture : Renset med backup
    :mozilla.134:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Esomniture : Renset med backup
    :mozilla.135:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Esomniture : Renset med backup
    :mozilla.144:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Esomniture : Renset med backup
    :mozilla.149:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Yadro : Renset med backup
    :mozilla.233:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Liveperson : Renset med backup
    :mozilla.263:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    ->  : Fejl under renselse
    :mozilla.269:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.270:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.271:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.272:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.301:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Serving-sys : Renset med backup
    :mozilla.302:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Serving-sys : Renset med backup
    :mozilla.303:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Serving-sys : Renset med backup
    :mozilla.304:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Serving-sys : Renset med backup
    :mozilla.308:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Esomniture : Renset med backup
    :mozilla.325:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Esomniture : Renset med backup
    :mozilla.355:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Esomniture : Renset med backup
    :mozilla.363:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Esomniture : Renset med backup
    :mozilla.369:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Sitestat : Renset med backup
    :mozilla.374:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Sitestat : Renset med backup
    :mozilla.376:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Liveperson : Renset med backup
    :mozilla.377:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Liveperson : Renset med backup
    :mozilla.387:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Liveperson : Renset med backup
    :mozilla.388:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Com : Renset med backup
    :mozilla.389:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Com : Renset med backup
    :mozilla.394:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.Burstnet : Renset med backup
    :mozilla.397:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.398:C:\Documents and Settings\Thue Thomsen\Application Data\Mozilla\Firefox\Profiles\jkm1otoq.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    C:\Documents and Settings\Thue Thomsen\Cookies\thue thomsen@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Renset med backup
    C:\Documents and Settings\Thue Thomsen\Cookies\thue thomsen@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Renset med backup
    C:\Documents and Settings\Thue Thomsen\Cookies\thue thomsen@adtech[1].txt -> TrackingCookie.Adtech : Renset med backup
    C:\Documents and Settings\Thue Thomsen\Cookies\thue thomsen@burstnet[1].txt -> TrackingCookie.Burstnet : Renset med backup
    C:\Documents and Settings\Thue Thomsen\Cookies\thue thomsen@clickbank[2].txt -> TrackingCookie.Clickbank : Renset med backup
    C:\Documents and Settings\Thue Thomsen\Cookies\thue thomsen@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Renset med backup
    C:\Documents and Settings\Thue Thomsen\Cookies\thue thomsen@hitbox[2].txt -> TrackingCookie.Hitbox : Renset med backup
    C:\Documents and Settings\Thue Thomsen\Cookies\thue thomsen@mediaplex[1].txt -> TrackingCookie.Mediaplex : Renset med backup
    C:\Documents and Settings\Thue Thomsen\Cookies\thue thomsen@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Renset med backup
    C:\Documents and Settings\Thue Thomsen\Cookies\thue thomsen@statcounter[1].txt -> TrackingCookie.Statcounter : Renset med backup
    C:\Documents and Settings\Thue Thomsen\Cookies\thue thomsen@tahitiannoniintl.122.2o7[1].txt -> TrackingCookie.2o7 : Renset med backup
    C:\Documents and Settings\Thue Thomsen\Cookies\thue thomsen@targetnet[2].txt -> TrackingCookie.Targetnet : Renset med backup
    C:\Documents and Settings\Thue Thomsen\Lokale indstillinger\Temp\Cookies\thue thomsen@adtech[2].txt -> TrackingCookie.Adtech : Renset med backup
    C:\Documents and Settings\Thue Thomsen\Lokale indstillinger\Temp\Cookies\thue thomsen@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Renset med backup
    C:\Documents and Settings\Thue Thomsen\Lokale indstillinger\Temp\Cookies\thue thomsen@mediaplex[2].txt -> TrackingCookie.Mediaplex : Renset med backup
    C:\Documents and Settings\Thue Thomsen\Lokale indstillinger\Temp\VVSNInst.#xe -> Adware.SaveNow : Renset med backup
    C:\Documents and Settings\Thue Thomsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\B6X0XBRR\2[1].htm -> Trojan.IEstart.f : Renset med backup
    C:\Documents and Settings\Thue Thomsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\G5Z42295\4[1].htm -> Trojan.IEstart.f : Renset med backup
    C:\Documents and Settings\Thue Thomsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\NZTVB5OW\AppWrap[1].#xe -> Adware.Zestyfind : Renset med backup
    C:\drsmartload1.#xe -> Downloader.VB.wr : Renset med backup
    C:\Installer.#xe -> Adware.Look2Me : Renset med backup
    C:\Programmer\Fælles filer\qqof\qqofl.#xe -> Downloader.TSUpdate.p : Renset med backup
    C:\Programmer\Fælles filer\qqof\qqofp.#xe -> Downloader.TSUpdate.f : Renset med backup
    C:\Programmer\TheSearchAccelerator -> Adware.UCmore : Renset med backup
    C:\Programmer\TheSearchAccelerator\INSTALL.LOG -> Adware.UCmore : Renset med backup
    C:\Programmer\TheSearchAccelerator\IUCmore.#ll -> Adware.UCmore : Renset med backup
    C:\Programmer\TheSearchAccelerator\logo.ico -> Adware.UCmore : Renset med backup
    C:\Programmer\TheSearchAccelerator\toolbar.cfg -> Adware.UCmore : Renset med backup
    C:\Programmer\TheSearchAccelerator\UCMTSAIE.#ll -> Adware.UCmore : Renset med backup
    C:\Programmer\TheSearchAccelerator\UNWISE.EXE -> Adware.UCmore : Renset med backup
    C:\stub_113_4_0_4_0.#xe -> Downloader.TSUpdate.o : Renset med backup
    C:\ucmoreiex.#xe/UCMTSAIE.DLL -> Adware.Ucmore : Renset med backup
    C:\ucmoreiex.#xe/IUCMORE.DLL -> Adware.Ucmore : Renset med backup
    C:\WINDOWS\iconu.#xe -> Adware.Zestyfind : Renset med backup
    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\C5AFCDAF\drsmartload[1].#xe -> Downloader.VB.wr : Renset med backup
    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\C5AFCDAF\ucmoreiex[1].#xe/UCMTSAIE.DLL -> Adware.Ucmore : Renset med backup
    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\C5AFCDAF\ucmoreiex[1].#xe/IUCMORE.DLL -> Adware.Ucmore : Renset med backup
    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\CDMJGTMV\Installer[1].#xe -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\KXM3OLEN\stub_113_4_0_4_0[1].#xe -> Downloader.TSUpdate.o : Renset med backup
    C:\WINDOWS\system32\cxmcat.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\fpl8033ue.#ll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\Temp\bw2.#om -> Adware.Zestyfind : Renset med backup
    C:\WINDOWS\Temp\Cookies\thue thomsen@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Renset med backup


::Rapport slut

Dr.Web® Scanner for Windows v4.33 (4.33.0.09293)
Copyright © Igor Daniloff, 1992-2005
Log generated on: 2006-02-19, 21:15:04 [THOMSEN][Administrator]
Command-line options: /tb /ts /pr /cu /icd /cnd /spr /upn /lng

Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 85547
Infected objects found: 20
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 33
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 20
Objects renamed: 33
Objects moved: 0
Objects ignored: 0
Scan speed: 584 Kb/s
Scan time: 01:30:57
-----------------------------------------------------------------------------

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 85634
Infected objects found: 20
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 36
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 23
Objects renamed: 33
Objects moved: 0
Objects ignored: 0
Scan speed: 586 Kb/s
Scan time: 01:31:21

Logfile of HijackThis v1.99.1
Scan saved at 17:08:42, on 20/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\Medionkeyboard\1.3\MMKEYBD.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
c:\programmer\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Thue Thomsen\Skrivebord\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Programmer\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [.mscsbl] C:\WINDOWS\system\svhost.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmer\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Wins32 Online] cfgpwnz.exe
O4 - HKLM\..\Run: [Microsoft boot system cfg32] actboost.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Programmer\Medionkeyboard\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\RunServices: [Wins32 Online] cfgpwnz.exe
O4 - HKLM\..\RunServices: [Microsoft boot system cfg32] actboost.exe
O4 - HKCU\..\Run: [Microsoft boot system cfg32] actboost.exe
O4 - HKCU\..\Run: [AutoExit] C:\Programmer\ASoft\AutoExit\AutoExit.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Programmer\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gem formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Tilpas RF menu - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Udfyld formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120331415265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\m8ls0i37e8.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGh1ZSBUaG9tc2Vu\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programmer\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programmer\Network Monitor\netmon.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
fazli Beginner
20 February 2006 - 17:22 #4
It looks like you ended up downloading SP2 by mistake.. but let's start by fixing..

Download L2mfix.exe from one of these locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your Desktop and double-click l2mfix.exe. Click the Install button and follow the instructions. Then open the new folder that has been created on your Desktop (l2mfix). Double-click l2mfix.bat and choose option 1 (Run Find log) by typing "1" and pressing "Enter". Your computer will now be scanned - after a couple of minutes a text file opens in Notepad. Copy its contents in here.

NB: You must not run option 2 or any of the other files in the l2mfix folder until you have been asked to
fazli Beginner
20 February 2006 - 17:27 #5
and I can see you are running a program called Neotrace it..
I hope you know what the program is for.. and that you are not using it for anything illegal..
tct Beginner
20 February 2006 - 17:44 #6
Thanks for your help!!! How can Neotrace be used illegally?

Here is the log!

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Themes]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\m8ls0i37e8.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{5FBE9989-12BD-3575-1BD8-F4E8CBBA7DBD}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webmapper"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{5E7D9611-0A92-11D6-BCC6-C117EB0C4E52}"="RStudio Menu Handler"
"{3C7BE262-0E51-11D6-BCC6-A29C3C5B2152}"="R-Undelete"
"{00022613-0000-0000-C000-000000000046}"="Egenskabsark for multimediefiler"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-scannerstyring"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Sikkerhedsside"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Egenskabsside for OLE-dokumentfil"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Gr‘nsefladeudvidelse til deling"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Kontrolpanel-udvidelse til sk‘rmkort"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Kontrolpanel-udvidelse til sk‘rm"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Kontrolpanel-udvidelse til sk‘rmpanorering"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security-side"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilitetsside"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Udvidelsen Diskcopy"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Gr‘nsefladeudvidelser til Microsoft Windows-netv‘rksobjekter"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-sk‘rmstyring"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-printerstyring"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Gr‘nsefladeudvidelser til filkomprimering"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Gr‘nsefladeudvidelse til webudskrift"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontekstmenu til kryptering"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Rejsetaske"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-ikon"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Sikkerhedsside"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Gr‘nsefladeudvidelse til deling"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO-filtype"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto signeringsfiltype"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netv‘rksforbindelser"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netv‘rksforbindelser"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scannere og kameraer"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scannere og kameraer"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scannere og kameraer"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scannere og kameraer"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scannere og kameraer"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell-udvidelser til Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-dataforbindelse"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Planlagte opgaver"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Proceslinje og menuen Start"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="S›g"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hj‘lp og support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hj‘lp og support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="K›r..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Skrifttyper"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internetv‘rkt›jslinje"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Status for hentning"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Webs›gning"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Redigeringsboks til adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-oversigtstjeneste"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Oversigt"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Velkomstbillede til Internet Explorer 4-suiten"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internettet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-cachemappe"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Programstyring"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Opt‘lling af installerede programmer"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Udpakning af miniaturer til GDI+-filer"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Dokumentinfo om miniaturehandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Udpakning af HTML-miniaturer"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Guiden Webudgivelse"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestil billedudskrift over World Wide Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objekt til guiden Webudgivelse"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Guiden F† et Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Brugerkonti"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Menuen Offlinefiler"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Indstillinger for mappen Offlinefiler"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Mappen Offlinefiler"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Efter &personer..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{11FA7E83-5296-4469-896E-76579178744D}"=""
"{4D7764AA-F656-4308-8E5F-7B7A5115F14E}"=""
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Egenskabsside for tidligere versioner"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Tidligere versioner"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanalfil"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Genvej til kanal"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{81A738B2-F3F9-4847-99E1-83258193998D}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{11FA7E83-5296-4469-896E-76579178744D}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{11FA7E83-5296-4469-896E-76579178744D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11FA7E83-5296-4469-896E-76579178744D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11FA7E83-5296-4469-896E-76579178744D}\InprocServer32]
@="C:\\WINDOWS\\system32\\nhwdmcpl.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4D7764AA-F656-4308-8E5F-7B7A5115F14E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4D7764AA-F656-4308-8E5F-7B7A5115F14E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4D7764AA-F656-4308-8E5F-7B7A5115F14E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4D7764AA-F656-4308-8E5F-7B7A5115F14E}\InprocServer32]
@="C:\\WINDOWS\\system32\\cwl3d32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{81A738B2-F3F9-4847-99E1-83258193998D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{81A738B2-F3F9-4847-99E1-83258193998D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{81A738B2-F3F9-4847-99E1-83258193998D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{81A738B2-F3F9-4847-99E1-83258193998D}\InprocServer32]
@="C:\\WINDOWS\\system32\\cxmcat.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
  atmtd.dll      Fri 17 Feb 2006  22:24:48  A....        687,592  671.48 K
  cwl3d32.dll    Mon 20 Feb 2006  17:27:50  .....        237,029  231.47 K
  e0jmla~1.dll  Mon 20 Feb 2006  17:27:50  ..S.R        233,803  228.32 K
  i4240e~1.dll  Mon 20 Feb 2006  16:52:14  ..S.R        233,460  227.99 K
  m8ls0i~1.dll  Sun 19 Feb 2006  21:05:46  ..S.R        237,029  231.47 K
  sirenacm.dll  Wed 14 Dec 2005  9:24:42  A....        118,784  116.00 K

6 items found:  6 files (3 H/S), 0 directories.
  Total of file sizes:  1,747,697 bytes      1.66 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
  __dele~1.tmp  Mon 20 Feb 2006  17:31:50  A....        237,029  231.47 K

1 item found:  1 file, 0 directories.
  Total of file sizes:  237,029 bytes    231.47 K
**********************************************************************************
Directory Listing of system files:
Disken i drev C har ikke noget navn.
Diskens serienummer er 04CE-B05E

Indhold af C:\WINDOWS\System32

20/02/2006  17:33    <DIR>          dllcache
20/02/2006  17:27          233,803 e0jmla111d.dll
20/02/2006  16:52          233,460 i4240efqeh2e0.dll
19/02/2006  21:05          237,029 m8ls0i37e8.dll
05/06/2005  12:00                56 27E5BBE612.sys
05/06/2005  12:00            1,682 KGyGaAvL.sys
08/11/2004  20:45    <DIR>          Microsoft
              5 fil(er)          706,030 byte
              2 mappe(r)  34,003,800,064 byte ledig
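An added illustration, not part of the thread and not L2MFix's own code: the Winlogon\Notify export in the find log above can be reviewed programmatically by decoding the `hex(2)` `DllName` values and comparing each subkey's DLL with a set the analyst expects. The registry excerpt is copied from the log above with some values omitted; the expected-DLL set (the DLLs of the other nine subkeys in that log) and the full-path check are assumptions made for this example.

```python
import re
from ntpath import basename  # Windows path rules on any platform

NOTIFY_ROOT = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# Assumption for this example: DLLs of the other Notify subkeys in the posted log.
EXPECTED_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "wlnotify.dll", "sclgntfy.dll"}

# Excerpt of the L2MFix find log posted in the thread (three of ten subkeys, abridged).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Themes]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\m8ls0i37e8.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
'''


def decode_value(raw):
    """Decode one right-hand side of a REGEDIT5 'name=value' line."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # REG_SZ: undo \\ and \"
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex\([12]\):(.*)$", raw)  # string stored as UTF-16LE bytes
    if m:
        data = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    return raw  # other types are left undecoded


def parse_reg(text):
    """Return {key_path: {value_name: value}} for a REGEDIT5 text export."""
    # A trailing backslash continues a hex value on the next line; join first.
    text = re.sub(r"\\\r?\n\s*", "", text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if current is not None and m:
            current[m.group(1)] = decode_value(m.group(2))
    return keys


def review_notify(text, expected_dlls):
    """List (subkey, dll, reasons) for Notify packages that need a closer look."""
    findings = []
    prefix = NOTIFY_ROOT.lower() + "\\"
    for key, values in parse_reg(text).items():
        if not key.lower().startswith(prefix):
            continue
        # Value names are case-insensitive: the log has both DllName and DLLName.
        dll = {k.lower(): v for k, v in values.items()}.get("dllname")
        if not isinstance(dll, str):
            continue
        reasons = []
        if basename(dll).lower() not in expected_dlls:
            reasons.append("DLL not in expected set")
        if basename(dll) != dll:
            reasons.append("registered by full path")
        if reasons:
            findings.append((key.rsplit("\\", 1)[1], dll, reasons))
    return findings


if __name__ == "__main__":
    for subkey, dll, reasons in review_notify(SAMPLE_REG, EXPECTED_DLLS):
        print(f"{subkey}: {dll} ({'; '.join(reasons)})")
```

The subkey name alone is not a reliable signal here: the same DLL appears under different Notify names in the HijackThis logs of this thread, so the check keys on the DLL value.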
fazli Beginner
20 February 2006 - 17:50 #7
the neotrace I know is a program that searches for IP addresses.. but let's move on ;)

Close all programs - you will shortly be asked to restart your computer.

From the l2mfix folder, run l2mfix.bat again - this time choose option 2 (Run Fix). The process will then start. Your desktop and icons will disappear for a while. L2Mfix will continue scanning your computer, and when it is finished it will be ready for a restart. Press any key to restart. After the restart, Notepad will open with a new log. Copy the contents of this log into this thread, together with a new HijackThis log..
tct Beginner
20 February 2006 - 18:04 #8
L2mfix 010406
Creating Account.
Kommandoen blev udført.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX  ... successful
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
    zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
  adding: backregs/notibac.reg (164 bytes security) (deflated 87%)

Logfile of HijackThis v1.99.1
Scan saved at 18:03:20, on 20/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
c:\programmer\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Programmer\Medionkeyboard\1.3\MMKEYBD.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Programmer\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Thue Thomsen\Skrivebord\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Programmer\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [.mscsbl] C:\WINDOWS\system\svhost.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmer\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Wins32 Online] cfgpwnz.exe
O4 - HKLM\..\Run: [Microsoft boot system cfg32] actboost.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Programmer\Medionkeyboard\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\RunServices: [Wins32 Online] cfgpwnz.exe
O4 - HKLM\..\RunServices: [Microsoft boot system cfg32] actboost.exe
O4 - HKCU\..\Run: [Microsoft boot system cfg32] actboost.exe
O4 - HKCU\..\Run: [AutoExit] C:\Programmer\ASoft\AutoExit\AutoExit.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Programmer\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gem formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Tilpas RF menu - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Udfyld formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120331415265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\m8ls0i37e8.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGh1ZSBUaG9tc2Vu\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programmer\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programmer\Network Monitor\netmon.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
fazli Beginner
20 February 2006 - 18:15 #9
Go to Add/Remove Programs and remove:

TheSearchAccelerator

Restart

Open HijackThis and check these lines:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Programmer\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [.mscsbl] C:\WINDOWS\system\svhost.exe
O4 - HKLM\..\Run: [Wins32 Online] cfgpwnz.exe
O4 - HKLM\..\RunServices: [Wins32 Online] cfgpwnz.exe
O4 - HKLM\..\RunServices: [Microsoft boot system cfg32] actboost.exe
O4 - HKCU\..\Run: [Microsoft boot system cfg32] actboost.exe
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\m8ls0i37e8.dll

Close all windows and browsers except HijackThis and click Fix checked

Restart in Safe Mode (F8 during startup)

Find and delete these files:

C:\Programmer\TheSearchAccelerator <-- The whole folder
C:\WINDOWS\system\svhost.exe
cfgpwnz.exe
actboost.exe
C:\WINDOWS\system32\m8ls0i37e8.dll

Restart and come back with a new log...
tct Beginner
20 February 2006 - 18:55 #10
Logfile of HijackThis v1.99.1
Scan saved at 18:53:57, on 20/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
c:\programmer\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Programmer\Medionkeyboard\1.3\MMKEYBD.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Programmer\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Thue Thomsen\Skrivebord\hjt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmer\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft boot system cfg32] actboost.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Programmer\Medionkeyboard\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [AutoExit] C:\Programmer\ASoft\AutoExit\AutoExit.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Programmer\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gem formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Tilpas RF menu - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Udfyld formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120331415265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\k0nola531d.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGh1ZSBUaG9tc2Vu\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programmer\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programmer\Network Monitor\netmon.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
20 February 2006 - 19:44 #11
<fazli>: This one looks rather unusual, doesn't it? ->
O4 - HKLM\..\Run: [Microsoft boot system cfg32] actboost.exe
Ref.: http://securityresponse.symantec.com/avcenter/venc/data/w32.bropia.r.html
as well as
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\k0nola531d.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGh1ZSBUaG9tc2Vu\command.exe (file missing)

<tct>: There is still more 'dirt'...
tct Beginner
20 February 2006 - 19:47 #12
Should I "fix" the ones you wrote?
tct Beginner
20 February 2006 - 20:03 #13
There is still dirt

Logfile of HijackThis v1.99.1
Scan saved at 20:03:16, on 20/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\Programmer\Medionkeyboard\1.3\MMKEYBD.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
c:\programmer\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Thue Thomsen\Skrivebord\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmer\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Programmer\Medionkeyboard\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [AutoExit] C:\Programmer\ASoft\AutoExit\AutoExit.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Programmer\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gem formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Tilpas RF menu - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Udfyld formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120331415265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\en24l1fq1.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGh1ZSBUaG9tc2Vu\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programmer\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programmer\Network Monitor\netmon.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
20 February 2006 - 20:14 #14
... let <fazli> carry on running the show...
fazli Beginner
21 February 2006 - 15:54 #15
Yes yes yes.. :) easy now hehe.. but if you look closely, that O20 line has only just appeared.. :)

But let's continue.. :)

Open the l2mfix folder. Double-click l2mfix.bat and choose option 1 (Run Find log) by pressing "1" and "Enter". Your computer will now be scanned; after a couple of minutes a text file opens in Notepad. Copy its contents in here.

Click Start > Run and type services.msc... find this service:

"Command Service"

Double-click it. Click Stop to stop the service.. For Startup type, choose Disabled.

Click Apply and then OK

Open HijackThis and click Misc. tools, then click "delete an nt service".
Type "cmdservice" and click OK.

Open HijackThis and check these lines:

O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\en24l1fq1.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGh1ZSBUaG9tc2Vu\command.exe (file missing)

Close all windows and browsers except HijackThis and click Fix checked

Restart in safe mode (F8 during startup)

Find and delete these files (via Start --> Search):

C:\WINDOWS\system32\en24l1fq1.dll
C:\WINDOWS\VGh1ZSBUaG9tc2Vu <--- the whole folder

Restart and come back with the log from HijackThis and the log from L2mfix ;)
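A check for the pattern these clean-up steps are chasing, as an added example (not code from the thread, HijackThis or L2mfix): it parses the O20/O23 lines copied from the three HijackThis logs posted in this thread on 20 and 21 February and reports Winlogon Notify DLLs that are swapped for a new one between scans, services whose binary is missing, and services removed since the previous scan. All function names are hypothetical.

```python
import ntpath
import re

# O20/O23 lines copied verbatim from the three HijackThis logs in this thread.
SCANS = [
    ("20/02/2006 18:53", r"""
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\k0nola531d.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGh1ZSBUaG9tc2Vu\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Programmer\Network Monitor\netmon.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
"""),
    ("20/02/2006 20:03", r"""
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\en24l1fq1.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGh1ZSBUaG9tc2Vu\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Programmer\Network Monitor\netmon.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
"""),
    ("21/02/2006 16:49", r"""
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\lv8609lse.dll
O23 - Service: Network Monitor - Unknown owner - C:\Programmer\Network Monitor\netmon.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
"""),
]

MISSING = " (file missing)"
# The path is anchored on a drive letter so that " - " inside a display name
# (or inside a folder name) does not split the fields in the wrong place.
O20_RE = re.compile(r'^O20 - Winlogon Notify: (?P<name>.+) - (?P<path>"?[A-Za-z]:\\.+)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+) - (?P<owner>.+?) - (?P<path>"?[A-Za-z]:\\.+)$')


def parse_entry(line):
    """Parse one O20 Winlogon Notify or O23 Service line; return None for anything else."""
    line = line.strip()
    missing = line.endswith(MISSING)
    if missing:
        line = line[: -len(MISSING)]
    for section, rx in (("O20", O20_RE), ("O23", O23_RE)):
        m = rx.match(line)
        if m:
            fields = m.groupdict()
            return {
                "section": section,
                "name": fields["name"],
                "owner": fields.get("owner"),
                "path": fields["path"].strip('"'),
                "missing": missing,
            }
    return None


def parse_scans(scans):
    """Turn [(label, log_text)] into [(label, [entry, ...])]."""
    parsed = []
    for label, text in scans:
        entries = [e for e in map(parse_entry, text.splitlines()) if e]
        parsed.append((label, entries))
    return parsed


def notify_dlls(entries):
    """Lower-cased file names of the DLLs registered as Winlogon Notify packages."""
    return {ntpath.basename(e["path"]).lower() for e in entries if e["section"] == "O20"}


def notify_replacements(parsed):
    """Scan pairs where a Notify DLL vanished and a different one took its place."""
    findings = []
    for (_, before), (label, after) in zip(parsed, parsed[1:]):
        old, new = notify_dlls(before), notify_dlls(after)
        removed, added = sorted(old - new), sorted(new - old)
        if removed and added:
            findings.append({"scan": label, "removed": removed, "added": added})
    return findings


def orphaned_services(entries):
    """Services still registered although HijackThis could not find the binary."""
    return [e["name"] for e in entries if e["section"] == "O23" and e["missing"]]


def services_removed(before, after):
    """Service names present in the earlier scan and absent from the later one."""
    later = {e["name"] for e in after if e["section"] == "O23"}
    return [e["name"] for e in before if e["section"] == "O23" and e["name"] not in later]


if __name__ == "__main__":
    parsed = parse_scans(SCANS)
    for finding in notify_replacements(parsed):
        print(f"{finding['scan']}: Notify DLL {finding['removed']} replaced by {finding['added']}")
    for (_, before), (label, after) in zip(parsed, parsed[1:]):
        print(f"{label}: services removed since previous scan: {services_removed(before, after)}")
        print(f"{label}: services with missing binary: {orphaned_services(after)}")
```

A Notify DLL that is replaced by a differently named one in every scan means the registration is being rewritten after each fix, so deleting the file named in the latest log is not enough on its own.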
tct Beginner
21 February 2006 - 16:52 #16
Logfile of HijackThis v1.99.1
Scan saved at 16:49:21, on 21/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\Programmer\Medionkeyboard\1.3\MMKEYBD.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\programmer\mcafee.com\agent\mcdetect.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\UAService7.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Thue Thomsen\Skrivebord\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmer\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Programmer\Medionkeyboard\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [AutoExit] C:\Programmer\ASoft\AutoExit\AutoExit.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Programmer\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gem formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Tilpas RF menu - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Udfyld formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120331415265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\lv8609lse.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programmer\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programmer\Network Monitor\netmon.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\en84l1lq1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{5FBE9989-12BD-3575-1BD8-F4E8CBBA7DBD}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webmapper"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{5E7D9611-0A92-11D6-BCC6-C117EB0C4E52}"="RStudio Menu Handler"
"{3C7BE262-0E51-11D6-BCC6-A29C3C5B2152}"="R-Undelete"
"{00022613-0000-0000-C000-000000000046}"="Egenskabsark for multimediefiler"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-scannerstyring"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Sikkerhedsside"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Egenskabsside for OLE-dokumentfil"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Gr‘nsefladeudvidelse til deling"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Kontrolpanel-udvidelse til sk‘rmkort"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Kontrolpanel-udvidelse til sk‘rm"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Kontrolpanel-udvidelse til sk‘rmpanorering"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security-side"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilitetsside"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Udvidelsen Diskcopy"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Gr‘nsefladeudvidelser til Microsoft Windows-netv‘rksobjekter"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-sk‘rmstyring"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-printerstyring"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Gr‘nsefladeudvidelser til filkomprimering"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Gr‘nsefladeudvidelse til webudskrift"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontekstmenu til kryptering"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Rejsetaske"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-ikon"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Sikkerhedsside"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Gr‘nsefladeudvidelse til deling"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO-filtype"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto signeringsfiltype"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netv‘rksforbindelser"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netv‘rksforbindelser"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scannere og kameraer"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scannere og kameraer"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scannere og kameraer"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scannere og kameraer"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scannere og kameraer"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell-udvidelser til Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-dataforbindelse"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Planlagte opgaver"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Proceslinje og menuen Start"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="S›g"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hj‘lp og support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hj‘lp og support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="K›r..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Skrifttyper"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internetv‘rkt›jslinje"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Status for hentning"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Webs›gning"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Redigeringsboks til adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-oversigtstjeneste"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Oversigt"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Velkomstbillede til Internet Explorer 4-suiten"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internettet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-cachemappe"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Programstyring"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Opt‘lling af installerede programmer"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Udpakning af miniaturer til GDI+-filer"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Dokumentinfo om miniaturehandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Udpakning af HTML-miniaturer"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Guiden Webudgivelse"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestil billedudskrift over World Wide Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objekt til guiden Webudgivelse"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Guiden F† et Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Brugerkonti"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Menuen Offlinefiler"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Indstillinger for mappen Offlinefiler"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Mappen Offlinefiler"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Efter &personer..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{11FA7E83-5296-4469-896E-76579178744D}"=""
"{4D7764AA-F656-4308-8E5F-7B7A5115F14E}"=""
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Egenskabsside for tidligere versioner"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Tidligere versioner"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanalfil"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Genvej til kanal"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{81A738B2-F3F9-4847-99E1-83258193998D}"=""
"{BA94ED53-46F9-45CF-BD24-F6FD44118815}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{11FA7E83-5296-4469-896E-76579178744D}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{11FA7E83-5296-4469-896E-76579178744D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11FA7E83-5296-4469-896E-76579178744D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11FA7E83-5296-4469-896E-76579178744D}\InprocServer32]
@="C:\\WINDOWS\\system32\\nhwdmcpl.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4D7764AA-F656-4308-8E5F-7B7A5115F14E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4D7764AA-F656-4308-8E5F-7B7A5115F14E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4D7764AA-F656-4308-8E5F-7B7A5115F14E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4D7764AA-F656-4308-8E5F-7B7A5115F14E}\InprocServer32]
@="C:\\WINDOWS\\system32\\cpsbrkr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{81A738B2-F3F9-4847-99E1-83258193998D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{81A738B2-F3F9-4847-99E1-83258193998D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{81A738B2-F3F9-4847-99E1-83258193998D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{81A738B2-F3F9-4847-99E1-83258193998D}\InprocServer32]
@="C:\\WINDOWS\\system32\\cxmcat.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{BA94ED53-46F9-45CF-BD24-F6FD44118815}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BA94ED53-46F9-45CF-BD24-F6FD44118815}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BA94ED53-46F9-45CF-BD24-F6FD44118815}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BA94ED53-46F9-45CF-BD24-F6FD44118815}\InprocServer32]
@="C:\\WINDOWS\\system32\\cnm.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
  atmtd.dll      Fri 17 Feb 2006  22:24:48  A....        687,592  671.48 K
  cnm.dll        Mon 20 Feb 2006  18:34:48  ..S.R        237,029  231.47 K
  cpsbrkr.dll    Tue 21 Feb 2006  16:19:02  .....        233,758  228.28 K
  e0jmla~1.dll  Mon 20 Feb 2006  17:27:50  ..S.R        233,803  228.32 K
  en84l1~1.dll  Mon 20 Feb 2006  19:54:58  ..S.R        233,758  228.28 K
  i4240e~1.dll  Mon 20 Feb 2006  16:52:14  ..S.R        233,460  227.99 K
  s288lc~1.dll  Tue 21 Feb 2006  15:22:30  ..S.R        235,179  229.66 K
  sirenacm.dll  Wed 14 Dec 2005  9:24:42  A....        118,784  116.00 K

8 items found:  8 files (5 H/S), 0 directories.
  Total of file sizes:  2,213,363 bytes      2.11 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
  __dele~1.tmp  Tue 21 Feb 2006  16:22:08  A....        233,758  228.28 K

1 item found:  1 file, 0 directories.
  Total of file sizes:  233,758 bytes    228.28 K
**********************************************************************************
Directory Listing of system files:
Disken i drev C har ikke noget navn.
Diskens serienummer er 04CE-B05E

Indhold af C:\WINDOWS\System32

21/02/2006  16:28    <DIR>          dllcache
21/02/2006  15:22          235,179 s288lclu1fq8.dll
20/02/2006  19:54          233,758 en84l1lq1.dll
20/02/2006  18:34          237,029 cnm.dll
20/02/2006  17:27          233,803 e0jmla111d.dll
20/02/2006  16:52          233,460 i4240efqeh2e0.dll
05/06/2005  12:00                56 27E5BBE612.sys
05/06/2005  12:00            1,682 KGyGaAvL.sys
08/11/2004  20:45    <DIR>          Microsoft
              7 fil(er)        1,174,967 byte
              2 mappe(r)  33,966,178,304 byte ledig
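Added example, not part of the thread and not code from L2mfix: the registry export in the log above shows CLSID keys whose default value is empty but which still register an InprocServer32 DLL in system32. The Python code below parses a regedit-style export and lists such keys as triage leads; the sample export, its CLSIDs and its DLL names are constructed, and the function names are hypothetical.

```python
import ntpath
import re

# Constructed sample in regedit export format (CLSIDs and DLL names are made up).
# Like the log, it repeats the "Windows Registry Editor" header between exports.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-0000-0000-0000-000000000001}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-0000-0000-0000-000000000001}\InprocServer32]
@="C:\\WINDOWS\\system32\\example1.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-0000-0000-0000-000000000002}]
@="Example Named Handler"

[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-0000-0000-0000-000000000002}\InprocServer32]
@="C:\\WINDOWS\\system32\\example2.dll"

[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-0000-0000-0000-000000000003}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-0000-0000-0000-000000000004}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-0000-0000-0000-000000000004}\inprocserver32]
@="C:\\Program Files\\Example\\example4.dll"
'''

VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.*)$')
CLSID_KEY_RE = re.compile(
    r'^HKEY_CLASSES_ROOT\\CLSID\\(\{[0-9A-F-]{36}\})(\\.+)?$', re.IGNORECASE)


def _unquote(token):
    """Strip the quotes of a REG_SZ token and undo the \\\\ and \\" escapes."""
    if len(token) >= 2 and token[0] == token[-1] == '"':
        return re.sub(r'\\(.)', r'\1', token[1:-1])
    return token  # dword:, hex: and similar are kept as written


def parse_reg_export(text):
    """Return {key path: {value name: data}}; '' is the default (@) value.

    Continuation lines of multi-line hex values are ignored.
    """
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        if line.startswith('Windows Registry Editor'):
            continue  # header, possibly repeated when exports are concatenated
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
            continue
        match = VALUE_RE.match(line)
        if match and current is not None:
            name = '' if match.group('name') == '@' else _unquote(match.group('name'))
            current[name] = _unquote(match.group('data'))
    return keys


def unnamed_inproc_servers(keys):
    """List CLSIDs with an empty display name that still load an in-process DLL."""
    index = {path.lower(): values for path, values in keys.items()}
    findings = []
    for path, values in keys.items():
        match = CLSID_KEY_RE.match(path)
        if not match or match.group(2):
            continue  # only look at the CLSID root keys, not their subkeys
        if values.get('', ''):
            continue  # has a display name
        server = index.get((path + '\\InprocServer32').lower(), {}).get('', '')
        if not server:
            continue  # no in-process server registered
        findings.append({
            'clsid': match.group(1),
            'dll': server,
            'in_system32': ntpath.dirname(server).lower().endswith('\\system32'),
        })
    return findings


if __name__ == '__main__':
    for hit in unnamed_inproc_servers(parse_reg_export(SAMPLE_EXPORT)):
        print(hit['clsid'], hit['dll'], 'system32' if hit['in_system32'] else 'other')
```

A hit is a lead for closer inspection of the DLL, not a verdict on it.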
fazli Beginner
21 February 2006 - 17:20 #17
Open HijackThis and check this line:

O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\lv8609lse.dll

Close all windows and browsers except HijackThis and click Fix checked.

Restart in safe mode (F8 during startup).

Find and delete these files (via Start --> Search):

C:\WINDOWS\system32\lv8609lse.dll

Close all programs - in a moment you will be asked to restart your computer.

From the l2mfix folder, run l2mfix.bat again - this time choose option 2 (Run Fix). The process will then start. Your desktop and icons will disappear for a while. L2Mfix will continue scanning your computer, and when it is finished it will be ready for a restart. Press any key to restart. After the restart, Notepad will open with a new log. Copy the contents of this log into this thread, together with a new HijackThis log.
fazli Beginner
21 February 2006 - 17:32 #18
Then immediately follow these instructions:

Download Look2Me-Destroyer from here:

http://www.atribune.org/ccount/click.php?id=7

and save the tool to your Desktop.

Close all open program windows - including Internet Explorer.

Double-click Look2Me-Destroyer and tick "Run this program as a task". You will get a message that Look2Me-Destroyer will close and reopen after 10 seconds - click OK.

When Look2Me-Destroyer reopens, click "Scan for L2M" - your icons will disappear - click "Remove L2M". Click OK when you get the message "Done scanning".

You will now get the message "Done removing infected files!". The program will shut down your computer - click OK. Now find the file C:\Look2Me-Destroyer.txt and copy its contents here, together with a fresh HijackThis log.

If your firewall wants to block Look2Me-Destroyer's access to the internet, you must allow the program access.

If you get a runtime error 339, download MSWINSCK.OCX from here:

http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

and place it in the folder C:\Windows\System32 Directory.

Post a new HijackThis log.. :)
tct Beginner
21 February 2006 - 18:05 #19
Look2Me-Destroyer V1.0.6

Scanning for infected files.....
Scan started at 21-02-2006 17:53:17

Infected! C:\WINDOWS\system32\o6pqlg7516.dll
Infected! C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001043.dll
Infected! C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001047.dll
Infected! C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001161.dll
Infected! C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001172.dll
Infected! C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001189.dll
Infected! C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001190.dll
Infected! C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001203.dll
Infected! C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001204.dll
Infected! C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001208.dll
Infected! C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001220.dll
Infected! C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP2\A0001238.dll
Infected! C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP2\A0001239.dll
Infected! C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP2\A0001255.dll
Infected! C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP2\A0001256.dll
Infected! C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP2\A0001260.dll
Infected! C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP2\A0001273.dll
Infected! C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP2\A0001274.dll
Infected! C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP2\A0001286.dll
Infected! C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP2\A0001299.dll
Infected! C:\WINDOWS\system32\azmpvcno.dll
Infected! C:\WINDOWS\system32\cnm.dll
Infected! C:\WINDOWS\system32\dtsshlex.dll
Infected! C:\WINDOWS\system32\e0jmla111d.dll
Infected! C:\WINDOWS\system32\i4240efqeh2e0.dll
Infected! C:\WINDOWS\system32\k608lgdu1608.dll
Infected! C:\WINDOWS\system32\o0rola931d.dll
Infected! C:\WINDOWS\system32\o6pqlg7516.dll
Infected! C:\WINDOWS\system32\q6rqlg9516.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\o6pqlg7516.dll
C:\WINDOWS\system32\o6pqlg7516.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001043.dll
C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001043.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001047.dll
C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001047.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001161.dll
C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001161.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001172.dll
C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001172.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001189.dll
C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001189.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001190.dll
C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001190.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001203.dll
C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001203.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001204.dll
C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001204.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001208.dll
C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001208.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001220.dll
C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP1\A0001220.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP2\A0001238.dll
C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP2\A0001238.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP2\A0001239.dll
C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP2\A0001239.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP2\A0001255.dll
C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP2\A0001255.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP2\A0001256.dll
C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP2\A0001256.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP2\A0001260.dll
C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP2\A0001260.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP2\A0001273.dll
C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP2\A0001273.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP2\A0001274.dll
C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP2\A0001274.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP2\A0001286.dll
C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP2\A0001286.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP2\A0001299.dll
C:\System Volume Information\_restore{E7C71D7C-0A57-45C3-B63E-ABB2BD962170}\RP2\A0001299.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\azmpvcno.dll
C:\WINDOWS\system32\azmpvcno.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\cnm.dll
C:\WINDOWS\system32\cnm.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dtsshlex.dll
C:\WINDOWS\system32\dtsshlex.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\e0jmla111d.dll
C:\WINDOWS\system32\e0jmla111d.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\i4240efqeh2e0.dll
C:\WINDOWS\system32\i4240efqeh2e0.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\k608lgdu1608.dll
C:\WINDOWS\system32\k608lgdu1608.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\o0rola931d.dll
C:\WINDOWS\system32\o0rola931d.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\o6pqlg7516.dll
C:\WINDOWS\system32\o6pqlg7516.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\q6rqlg9516.dll
C:\WINDOWS\system32\q6rqlg9516.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\StillImage

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administratorer - Succeeded


Logfile of HijackThis v1.99.1
Scan saved at 18:05:28, on 21/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Programmer\Medionkeyboard\1.3\KbdAp32A.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\programmer\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Documents and Settings\Thue Thomsen\Skrivebord\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmer\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Programmer\Medionkeyboard\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [AutoExit] C:\Programmer\ASoft\AutoExit\AutoExit.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Programmer\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gem formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Tilpas RF menu - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Udfyld formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120331415265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programmer\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programmer\Network Monitor\netmon.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
tct Beginner
21 February 2006 - 18:14 #20
I would really like to say thank you very much for the help... How far along are we??? My nerves are starting to fray!!!!
fazli Beginner
22 February 2006 - 14:33 #21
We are as good as finished.. :)

You can go ahead and remove:
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
via HijackThis, otherwise you are clean.. Hehe..

Are you experiencing any other problems?
tct Beginner
22 February 2006 - 15:11 #22
Many, many thanks for your help!!!! There are no problems now!
ejvindh Expert
22 February 2006 - 18:28 #23
Fazli: There is just one missing:
http://castlecops.com/o23list-1610.html

...but otherwise nice work on that l2m infection. It is one of the hard ones ;-)
fazli Beginner
23 February 2006 - 13:03 #24
Hi ejvind, and thanks.. where do you see it?
ejvindh Expert
23 February 2006 - 13:05 #25
O23 - Service: Network Monitor - Unknown owner - C:\Programmer\Network Monitor\netmon.exe (file missing)

...and don't let yourself be fooled by the fact that it says (file missing) -- it often says that on the O23 lines, even when that is not the case.
fazli Beginner
23 February 2006 - 13:05 #26
Oh yes. Oops.. there it is.. :)

Click Start > Run and type services.msc... find this service:

"Network Monitor"

Double-click it. Click Stop to stop the service.. For startup type, choose Disabled.

Click Apply and then OK.

Open HijackThis and check this line:

O23 - Service: Network Monitor - Unknown owner - C:\Programmer\Network Monitor\netmon.exe (file missing)

Close all windows and browsers except HijackThis and click Fix checked.

Post a new log.. :)
fazli Beginner
23 February 2006 - 13:08 #27
Find and delete

C:\Programmer\Network Monitor <-- the whole folder must be deleted!