monsterdk Novice
01 August 2006 - 21:37 There are 40 comments and
1 solution

HijackThis log I would like to have looked at.

Is there anyone who would run through this one and tell me what needs to be done? It belongs to my IT-illiterate big brother! :-D
monsterdk Novice
01 August 2006 - 21:37 #1
Logfile of HijackThis v1.99.1
Scan saved at 21:35:14, on 01-08-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Programmer\Winamp\winampa.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\SpamBlockerUtility\Bin\4.8.0.0\SbOEAddOn.exe
C:\PROGRA~1\SPAMBL~1\Bin\480~1.0\SBInst.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\l?gonui.exe
C:\Programmer\ncwd\oeue.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\PROGRA~1\FLLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\RECYCLER\service.exe
C:\RECYCLER\service.exe
C:\Programmer\Flles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\RealVNC\VNC4\WinVNC4.exe
C:\Programmer\Flles filer\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\SpamBlockerUtility\Bin\4.8.0.0\SbSrv.exe
D:\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {295B953F-50D5-0725-A1EA-01D5FD27E3E8} - C:\WINDOWS\System32\nio.dll
R3 - URLSearchHook: (no name) - {2F57CE61-028A-5628-A1EA-01D5FD27E3E9} - C:\WINDOWS\System32\nio.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {295B953F-50D5-0725-A1EA-01D5FD27E3E8} - C:\WINDOWS\System32\nio.dll
O2 - BHO: (no name) - {2F57CE61-028A-5628-A1EA-01D5FD27E3E9} - C:\WINDOWS\System32\nio.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Programmer\SpamBlockerUtility\Bin\4.8.0.0\SbHostIE.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Programmer\SpamBlockerUtility\Bin\4.8.0.0\SbHostIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] D:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Microsoft sdk temp] sdktemp.exe
O4 - HKLM\..\Run: [MCX Updte] scorti.exe
O4 - HKLM\..\Run: [MICROSFT MX UPDATE SUPPORT] taskmngrs.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [SpamBlocker] C:\Programmer\SpamBlockerUtility\Bin\4.8.0.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\480~1.0\SBInst.exe
O4 - HKLM\..\Run: [twzuufbq] C:\WINDOWS\System32\soagvkcn.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Programmer\SpamBlockerUtility\Bin\4.8.0.0\SbWeatherOnTray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\RunServices: [Microsoft sdk temp] sdktemp.exe
O4 - HKLM\..\RunServices: [MCX Updte] scorti.exe
O4 - HKLM\..\RunServices: [MICROSFT MX UPDATE SUPPORT] taskmngrs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Mgghaa] C:\WINDOWS\System32\l?gonui.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Idua] "C:\Programmer\ncwd\oeue.exe" -vt mt
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Programmer\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: bn billede i &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1030\phdintl.dll/phdContext.htm
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.kps.dk/Codebase/FormCtl.cab
O16 - DPF: {1469FF24-47F6-11D2-8805-006008C537E3} (Adobe Mail Control) - http://www.kps.dk/codebase/ffmail.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - http://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spamblockerutility.com/installs/spamblockerutility/programs/spamblockerutility.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} (Adobe Signature Object) - http://www.kps.dk/codebase/jfsignature.cab
O16 - DPF: {AD90E8D1-3B47-11D2-A696-00A0C996A6DD} (jfCryptoSignature Class) - http://www.kps.dk/codebase/jfcrypto.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (Adobe Script Object) - http://www.kps.dk/codebase/scriptobject.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (Adobe Soft Font Installer) - http://www.kps.dk/codebase/fontinstaller.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Microsoft Global Services (itnalispy) - Unknown owner - C:\RECYCLER\service.exe
O23 - Service: Microsoft Global Backup Services (itnalispy666) - Unknown owner - C:\RECYCLER\service.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Unknown owner - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Unknown owner - C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Flles filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmer\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
01 August 2006 - 22:16 #2
Phew - there is a bit of everything here...

This one, for example, looks "funny" -> C:\RECYCLER\service.exe

Run the rest of the procedure from here ->
http://www.eksperten.dk/artikler/954
(Incl. a new HijackThis log...)

(Not necessarily me who follows up...)
johnstigers Senior Master
02 August 2006 - 12:21 #3
dr1> that "funny" file is a deleted file sitting in the recycle bin :)
02 August 2006 - 15:41 #4
... but it is being started, after all!!!

O23 - Service: Microsoft Global Services (itnalispy) - Unknown owner - C:\RECYCLER\service.exe
O23 - Service: Microsoft Global Backup Services (itnalispy666) - Unknown owner - C:\RECYCLER\service.exe

And HijackThis does not say/write (File Missing) ...
johnstigers Senior Master
02 August 2006 - 20:33 #5
http://spywarefri.dk/forum/topic.asp?ARCHIVE=true&whichpage=1&TOPIC_ID=8136&#60021

It is not cleaned there, but I can't figure out what kind of file it is...
02 August 2006 - 21:00 #6
I would say that it MUST GO!!! The location/name alone 'smells' ...
02 August 2006 - 21:01 #7
But let's get <monsterdk> back on the field first...
johnstigers Senior Master
02 August 2006 - 21:02 #8
And I say that if the experts from spywarefri don't fix it, then it is legit.
02 August 2006 - 21:15 #9
... then why is it located in C:\RECYCLER\ ? AND is in use according to the HijackThis log?
monsterdk Novice
02 August 2006 - 21:22 #10
Yes, now I was finally able to be here. Not easy when you have to wait for the other person to have time too! :-D

WinVNC4.exe;C:\Programmer\RealVNC\VNC4;Program.RemoteAdmin;;
WinCommX.#ll;C:\WINDOWS\Downloaded Program Files;Adware.Winad;Renamed.;
HbInstIE.#ll;C:\WINDOWS\Downloaded Program Files;Adware.Hotbar;Renamed.;
HDPlugin1101.#ll;C:\WINDOWS\Downloaded Program Files;Adware.Gator;Renamed.;
service.#xe;C:\RECYCLER;Tool.SrvRunner;Renamed.;
rs.#xe;C:\Documents and Settings\Johnny Steffensen\Lokale indstillinger\Temp;Adware.ClickSpring;Renamed.;
apmt.#xe;C:\Documents and Settings\Johnny Steffensen\Application Data;Adware.ClickSpring;Renamed.;


-------------------------------------


SUPERAntiSpyware Scan Log
Generated 08/02/2006 at 11:15 AM

Core Rules Database Version : 3037
Trace Rules Database Version: 1096

Memory threats detected  : 0
Registry threats detected : 33
File threats detected    : 210

Adware.Tracking Cookie

Registry Cleaner Trial
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\Install.dll [  ]

Adware.HotBar/SpamBlockerUtility (Low Risk)
    C:\Documents and Settings\Johnny Steffensen\Application Data\SpamBlocker\{D355CA2A-AF66-49ED-BC6E-D583DF48B833}.dat
    C:\Documents and Settings\Johnny Steffensen\Application Data\SpamBlocker
    C:\WINDOWS\Downloaded Program Files\SpamBlockerUtility.inf
    HKCR\SpamBlockerConfig.Application
    HKCR\SpamBlockerConfig.Application\Clsid
    HKCR\SpamBlockerConfig.Application.1
    HKCR\SpamBlockerConfig.Application.1\Clsid

Adware.HotBar/ShopperReports (Low Risk)
    HKU\S-1-5-21-527237240-1957994488-682003330-1003\Software\ShopperReports
    HKLM\Software\ShopperReports
    HKLM\Software\ShopperReports\ShopperReports
    HKLM\Software\ShopperReports\ShopperReports\PostInstaller

Adware.MediaMediatickets
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx#.Owner
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx#{9EB320CE-BE1D-4304-A081-4B4665414BEF}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx [  ]

Adware.ClickSpring/PuritySCAN
    C:\WINDOWS\system32\wnsapisu.exe

Adware.ClickSpring
    C:\Documents and Settings\Johnny Steffensen\Lokale indstillinger\Temp\!update.exe
    C:\System Volume Information\_restore{C90043B9-4940-4302-B97F-AE8C3C1341D8}\RP420\A0048272.EXE
    C:\System Volume Information\_restore{C90043B9-4940-4302-B97F-AE8C3C1341D8}\RP420\A0048313.DLL
    C:\System Volume Information\_restore{C90043B9-4940-4302-B97F-AE8C3C1341D8}\RP420\A0048323.exe
    C:\System Volume Information\_restore{C90043B9-4940-4302-B97F-AE8C3C1341D8}\RP420\A0048403.exe

--------------------------------------

SUPERAntiSpyware Scan Log
Generated 08/02/2006 at 07:54 PM

Core Rules Database Version : 3037
Trace Rules Database Version: 1096

Memory threats detected  : 0
Registry threats detected : 29
File threats detected    : 25

Registry Cleaner Trial
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\Install.dll [  ]

Adware.HotBar/SpamBlockerUtility (Low Risk)
    C:\Documents and Settings\Johnny Steffensen\Application Data\SpamBlocker\{D355CA2A-AF66-49ED-BC6E-D583DF48B833}.dat
    C:\Documents and Settings\Johnny Steffensen\Application Data\SpamBlocker
    C:\WINDOWS\Downloaded Program Files\SpamBlockerUtility.inf
    HKCR\SpamBlockerConfig.Application
    HKCR\SpamBlockerConfig.Application\Clsid
    HKCR\SpamBlockerConfig.Application.1
    HKCR\SpamBlockerConfig.Application.1\Clsid

Adware.HotBar/ShopperReports (Low Risk)
    HKU\S-1-5-21-527237240-1957994488-682003330-1003\Software\ShopperReports
    HKLM\Software\ShopperReports
    HKLM\Software\ShopperReports\ShopperReports
    HKLM\Software\ShopperReports\ShopperReports\PostInstaller

Trojan.Unknown Origin
    C:\System Volume Information\_restore{C90043B9-4940-4302-B97F-AE8C3C1341D8}\RP420\A0049404.exe
monsterdk Novice
03 August 2006 - 20:19 #11
Have you all given up?
forevernewbie Beginner
03 August 2006 - 20:26 #12
Please post a fresh HijackThis log.
johnstigers Senior Master
03 August 2006 - 20:35 #13
That's the one we're waiting for :)
monsterdk Novice
03 August 2006 - 20:59 #14
There you go!

Logfile of HijackThis v1.99.1
Scan saved at 20:58:38, on 03-08-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Programmer\Winamp\winampa.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\FLLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programmer\Flles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\RealVNC\VNC4\WinVNC4.exe
C:\Programmer\Flles filer\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Johnny Steffensen\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {295B953F-50D5-0725-A1EA-01D5FD27E3E8} - C:\WINDOWS\System32\nio.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] D:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Microsoft sdk temp] sdktemp.exe
O4 - HKLM\..\Run: [MCX Updte] scorti.exe
O4 - HKLM\..\Run: [MICROSFT MX UPDATE SUPPORT] taskmngrs.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [twzuufbq] C:\WINDOWS\System32\soagvkcn.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\RunServices: [Microsoft sdk temp] sdktemp.exe
O4 - HKLM\..\RunServices: [MCX Updte] scorti.exe
O4 - HKLM\..\RunServices: [MICROSFT MX UPDATE SUPPORT] taskmngrs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Programmer\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: bn billede i &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1030\phdintl.dll/phdContext.htm
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.kps.dk/Codebase/FormCtl.cab
O16 - DPF: {1469FF24-47F6-11D2-8805-006008C537E3} (Adobe Mail Control) - http://www.kps.dk/codebase/ffmail.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - http://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/installs/spamblockerutility/programs/spamblockerutility.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} (Adobe Signature Object) - http://www.kps.dk/codebase/jfsignature.cab
O16 - DPF: {AD90E8D1-3B47-11D2-A696-00A0C996A6DD} (jfCryptoSignature Class) - http://www.kps.dk/codebase/jfcrypto.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (Adobe Script Object) - http://www.kps.dk/codebase/scriptobject.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (Adobe Soft Font Installer) - http://www.kps.dk/codebase/fontinstaller.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Microsoft Global Services (itnalispy) - Unknown owner - C:\RECYCLER\service.exe (file missing)
O23 - Service: Microsoft Global Backup Services (itnalispy666) - Unknown owner - C:\RECYCLER\service.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Unknown owner - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Unknown owner - C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Flles filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmer\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
forevernewbie Beginner
03 August 2006 - 21:13 #15
Before you go any further, I would like to see a log from this scanner, as there may be a rootkit at play here:

Download Blacklight here: http://www.f-secure.com/blacklight/try.shtml Scroll down the page and click "iaccept". On the next page you can download Blacklight to the desktop. Double-click the file and click Scan. When it has finished, it creates a log on the desktop. Copy the log in here. Do not let Blacklight remove anything yet.
sigma25 Beginner
03 August 2006 - 21:22 #16
Here is the log


08/03/06 21:18:24 [Info]: BlackLight Engine 1.0.42 initialized
08/03/06 21:18:24 [Info]: OS: 5.1 build 2600 (Service Pack 1)
08/03/06 21:18:24 [Note]: 7019 4
08/03/06 21:18:24 [Note]: 7005 0
08/03/06 21:18:31 [Note]: 7006 0
08/03/06 21:18:31 [Note]: 7011 1624
08/03/06 21:18:31 [Note]: 7026 0
08/03/06 21:18:31 [Note]: 7026 0
08/03/06 21:18:41 [Note]: FSRAW library version 1.7.1019
08/03/06 21:19:12 [Note]: 7007 0
forevernewbie Beginner
03 August 2006 - 21:36 #17
It's fine, no problems. I expect john_stigers or dr1 will come in and fix the rest?
03 August 2006 - 22:24 #18
(<john_stigers> had better carry on with this one ... - there are at any rate at least 10 suspicious items in the HijackThis log... but this one
O23 - Service: Microsoft Global Services (itnalispy) - Unknown owner - C:\RECYCLER\service.exe (file missing)
- almost, anyway ...)
johnstigers Senior Master
03 August 2006 - 23:28 #19
I don't know what it is - but I repeat:
IF THE PEOPLE AT SPYWAREFRI DON'T FIX IT, I WON'T FIX IT EITHER!

And now no more about that one file...

http://spywarefri.dk/forum/topic.asp?ARCHIVE=true&whichpage=1&TOPIC_ID=8136&#60021
johnstigers Senior Master
03 August 2006 - 23:29 #20
Here is my guide:

Download and save this scanner to the desktop. (We will need it later.)
http://www.spywareinfo.dk/download/mwav.exe

----------------------

Download Ewido here: http://www.ewido.net/en/download/ (We will need it later.)
Click Download now. Install and run Ewido. Update the program immediately after installation.

-----------------------

Now you need to start fixing:

Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, click Fix checked, then close HijackThis again.
Double-check that everything is included.

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {295B953F-50D5-0725-A1EA-01D5FD27E3E8} - C:\WINDOWS\System32\nio.dll (file missing)
O4 - HKLM\..\Run: [MCX Updte] scorti.exe
O4 - HKLM\..\Run: [Microsoft sdk temp] sdktemp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime (optional - not junk!)
O4 - HKLM\..\Run: [twzuufbq] C:\WINDOWS\System32\soagvkcn.exe
O4 - HKLM\..\RunServices: [Microsoft sdk temp] sdktemp.exe
O4 - HKLM\..\RunServices: [MCX Updte] scorti.exe
O4 - HKLM\..\RunServices: [MICROSFT MX UPDATE SUPPORT] taskmngrs.exe
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Microsoft Global Services (itnalispy) - Unknown owner - C:\RECYCLER\service.exe (file missing)
O23 - Service: Microsoft Global Backup Services (itnalispy666) - Unknown owner - C:\RECYCLER\service.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmer\RealVNC\VNC4\WinVNC4.exe" -service (file missing)





--------------------------------------------------------------------

Open any folder and click Tools => Folder Options => View.
Untick "Hide protected operating system files".
Untick "Hide extensions for known file types".
Select "Show hidden files and folders".

------------------------------

Download this .bat file and run it:
http://www.spywareinfo.dk/download/cleantempxp2k.bat
It deletes everything in your temp folder.

------------------------------

Restart the computer in safe mode. (You need to press the F8 key during the restart (roughly right after the RAM has been counted) and then choose safe mode. If in doubt, just press F8 several times.)
Find and delete these manually:
(They MAY, however, already have been fixed by HijackThis.)
Use the search function to find the ones without a path - remember to search in ALL files!

scorti.exe
sdktemp.exe
soagvkcn.exe
taskmngrs.exe
C:\WINDOWS\System32\shdocvw.dll



-----------------------------

Still in safe mode:
Click the mwav.exe you downloaded; the program unpacks itself and starts.
Tick the following:
Memory, Startup folders, drive, Registry, System folders and Services.
Select the following:
All local drives and Scan all files
Then press Scan Clean.
The scan takes a little over an hour.

-------------------------------

Then restart the computer normally and make a new HijackThis log, which you post here together with the report from Ewido.
monsterdk Novice
04 August 2006 - 14:21 #21
New hijack log

Logfile of HijackThis v1.99.1
Scan saved at 14:19:19, on 04-08-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Programmer\Winamp\winampa.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Programmer\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\FLLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programmer\ewido anti-spyware 4.0\guard.exe
C:\Programmer\Flles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Flles filer\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\Documents and Settings\Johnny Steffensen\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {295B953F-50D5-0725-A1EA-01D5FD27E3E8} - C:\WINDOWS\System32\nio.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] D:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [!ewido] "C:\Programmer\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Programmer\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: bn billede i &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1030\phdintl.dll/phdContext.htm
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.kps.dk/Codebase/FormCtl.cab
O16 - DPF: {1469FF24-47F6-11D2-8805-006008C537E3} (Adobe Mail Control) - http://www.kps.dk/codebase/ffmail.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - http://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/installs/spamblockerutility/programs/spamblockerutility.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} (Adobe Signature Object) - http://www.kps.dk/codebase/jfsignature.cab
O16 - DPF: {AD90E8D1-3B47-11D2-A696-00A0C996A6DD} (jfCryptoSignature Class) - http://www.kps.dk/codebase/jfcrypto.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (Adobe Script Object) - http://www.kps.dk/codebase/scriptobject.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (Adobe Soft Font Installer) - http://www.kps.dk/codebase/fontinstaller.cab
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmer\ewido anti-spyware 4.0\guard.exe
O23 - Service: Microsoft Global Services (itnalispy) - Unknown owner - C:\RECYCLER\service.exe (file missing)
O23 - Service: Microsoft Global Backup Services (itnalispy666) - Unknown owner - C:\RECYCLER\service.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Unknown owner - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Unknown owner - C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Flles filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmer\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
ejvindh Expert
4 August 2006 - 15:20 #22
Just as a small contribution to the ongoing "discussion" here: the 2 O23 lines undoubtedly need to be fixed. That is also done in other SWF threads:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=17021
http://spywarefri.dk/forum/topic.asp?ARCHIVE=true&whichpage=1&TOPIC_ID=7876

When it is not done in the thread that Stigers mentions, that can be excused by the fact that it was before the O23 lines were visible in the log, and the line was therefore overlooked up among the processes *S*
ejvindh Expert
4 August 2006 - 15:25 #23
...but by the way, one should be careful about fixing O9 and O23 lines merely because they say "File missing". That is very often an incorrect indication. I would therefore not say that these lines should be fixed:

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmer\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
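The caution in post #23 can be checked against the log itself. The following is an added example, not part of the thread and not HijackThis code: it parses O23 lines copied from the log posted in this thread and cross-checks each "(file missing)" tag against the running-process list. The verdict names and the two suspicion heuristics (binary under `\RECYCLER\`, a "Microsoft" display name with "Unknown owner") are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted in this thread (trimmed).
SAMPLE_LOG = r"""Running processes:
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\RECYCLER\service.exe
C:\Programmer\RealVNC\VNC4\WinVNC4.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Microsoft Global Services (itnalispy) - Unknown owner - C:\RECYCLER\service.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Unknown owner - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmer\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
"""

# "O23 - Service: <display> [(<name>)] - <owner> - <command line> [(file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)
# Executable part of a command line that may carry quotes and arguments.
EXE_RE = re.compile(r'"?([A-Za-z]:\\.*?\.exe)', re.IGNORECASE)


@dataclass
class Service:
    display: str
    name: str
    owner: str
    image: str
    file_missing: bool


def parse_log(text):
    """Return (running image paths, O23 services) from a HijackThis text log."""
    running, services, in_procs = set(), [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs:
            if line:
                running.add(line.lower())
            else:
                in_procs = False  # a blank line ends the process list
        else:
            m = O23_RE.match(line)
            if m:
                exe = EXE_RE.match(m["path"])
                services.append(Service(
                    m["display"], m["name"] or m["display"], m["owner"],
                    exe.group(1) if exe else m["path"], bool(m["missing"])))
    return running, services


def triage(text):
    """Map service name -> (verdict, reasons). Heuristics are illustrative."""
    running, services = parse_log(text)
    verdicts = {}
    for s in services:
        image = s.image.lower()  # note: 8.3 short names are not resolved here
        reasons = []
        if "\\recycler\\" in image:
            reasons.append("service binary inside the Recycle Bin folder")
        if s.display.lower().startswith("microsoft") and s.owner == "Unknown owner":
            reasons.append("Microsoft display name but no vendor on the file")
        if reasons:
            verdicts[s.name] = ("investigate", reasons)
        elif s.file_missing and image in running:
            verdicts[s.name] = ("tag-unreliable", ["image is in the process list"])
        elif s.file_missing:
            verdicts[s.name] = ("verify-on-disk", ["not running; check the file"])
        else:
            verdicts[s.name] = ("ok", [])
    return verdicts


if __name__ == "__main__":
    for name, (verdict, why) in triage(SAMPLE_LOG).items():
        print(f"{name:12} {verdict:15} {'; '.join(why)}")
```

On these lines the WinVNC4 entry is tagged "(file missing)" while its image appears under "Running processes", so the tag alone is not evidence that the service is dead.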
sigma25 Beginner
4 August 2006 - 15:29 #24
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at:    15:15:57 04-08-2006

+ Scan result:   



HKLM\SOFTWARE\Classes\WinCommX.Installer -> Adware.BlazeFind : No action taken.
HKLM\SOFTWARE\Classes\WinCommX.Installer\CLSID -> Adware.BlazeFind : No action taken.
C:\WINDOWS\Downloaded Program Files\HDPlugin1100.#ll -> Adware.Gator : No action taken.
C:\System Volume Information\_restore{C90043B9-4940-4302-B97F-AE8C3C1341D8}\RP420\A0048262.dll -> Adware.Hotbar : No action taken.
C:\System Volume Information\_restore{C90043B9-4940-4302-B97F-AE8C3C1341D8}\RP420\A0048361.dll -> Adware.HotBar : No action taken.
C:\System Volume Information\_restore{C90043B9-4940-4302-B97F-AE8C3C1341D8}\RP420\A0048369.dll -> Adware.HotBar : No action taken.
C:\System Volume Information\_restore{C90043B9-4940-4302-B97F-AE8C3C1341D8}\RP420\A0048370.exe -> Adware.Hotbar : No action taken.
C:\WINDOWS\Downloaded Program Files\HbInstI0.#ll -> Adware.HotBar : No action taken.
HKLM\SOFTWARE\ShopperReports -> Adware.HotBar : No action taken.
HKLM\SOFTWARE\ShopperReports\ShopperReports -> Adware.HotBar : No action taken.
HKLM\SOFTWARE\ShopperReports\ShopperReports\PostInstaller -> Adware.HotBar : No action taken.
HKU\S-1-5-21-527237240-1957994488-682003330-1003\Software\Hotbar -> Adware.HotBar : No action taken.
HKU\S-1-5-21-527237240-1957994488-682003330-1003\Software\Hotbar\Hotbar -> Adware.HotBar : No action taken.
HKU\S-1-5-21-527237240-1957994488-682003330-1003\Software\Hotbar\Hotbar\SF -> Adware.HotBar : No action taken.
HKU\S-1-5-21-527237240-1957994488-682003330-1003\Software\ShopperReports -> Adware.HotBar : No action taken.
HKU\S-1-5-21-527237240-1957994488-682003330-1003\Software\ShopperReports\ShopperReports -> Adware.HotBar : No action taken.
HKU\S-1-5-21-527237240-1957994488-682003330-1003\Software\ShopperReports\ShopperReports\PostInstaller -> Adware.HotBar : No action taken.
C:\Documents and Settings\Johnny Steffensen\Lokale indstillinger\Temporary Internet Files\Content.IE5\WLE3G5IZ\ControllerScripts[1].js -> Adware.MediaMotor : No action taken.
C:\System Volume Information\_restore{C90043B9-4940-4302-B97F-AE8C3C1341D8}\RP420\A0048325.exe -> Adware.MediaTickets : No action taken.
C:\Documents and Settings\Johnny Steffensen\Application Data\apmt___0.#xe -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{C90043B9-4940-4302-B97F-AE8C3C1341D8}\RP420\A0048376.dll -> Adware.Shopper : No action taken.
C:\System Volume Information\_restore{C90043B9-4940-4302-B97F-AE8C3C1341D8}\RP420\A0048377.dll -> Adware.Shopper : No action taken.
C:\WINDOWS\Downloaded Program Files\WinComm0.#ll -> Adware.WinAD : No action taken.
C:\WINDOWS\system32\bling.exe -> Heuristic.Win32.Morphine-Crypted : No action taken.
C:\System Volume Information\_restore{C90043B9-4940-4302-B97F-AE8C3C1341D8}\RP420\A0050450.dll -> Not-A-Virus.Sniffer.Win32.VB.b : No action taken.
C:\Documents and Settings\Johnny Steffensen\Cookies\johnny steffensen@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\Johnny Steffensen\Cookies\johnny steffensen@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Johnny Steffensen\Cookies\johnny steffensen@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Johnny Steffensen\Cookies\johnny steffensen@casalemedia[3].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Johnny Steffensen\Cookies\johnny steffensen@centrport[2].txt -> TrackingCookie.Centrport : No action taken.
C:\Documents and Settings\Johnny Steffensen\Cookies\johnny steffensen@bilbo.counted[2].txt -> TrackingCookie.Counted : No action taken.
C:\Documents and Settings\Johnny Steffensen\Cookies\johnny steffensen@linkbuddies[1].txt -> TrackingCookie.Linkbuddies : No action taken.
C:\Documents and Settings\Johnny Steffensen\Cookies\johnny steffensen@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Johnny Steffensen\Cookies\johnny steffensen@trafic[1].txt -> TrackingCookie.Trafic : No action taken.
C:\System Volume Information\_restore{C90043B9-4940-4302-B97F-AE8C3C1341D8}\RP420\A0048368.exe -> Trojan.Holax.E : No action taken.
C:\System Volume Information\_restore{C90043B9-4940-4302-B97F-AE8C3C1341D8}\RP420\A0048378.exe -> Trojan.Holax.E : No action taken.


::Report end
johnstigers Senior master
4 August 2006 - 15:35 #25
I'm dropping out - there are others who apparently have a better handle on this than I do...

I would say all Symantec entries with file missing should go - AVG is installed, nothing from Symantec...
ejvindh Expert
4 August 2006 - 15:48 #26
It was not my intention to take over, but merely to point out what I saw as an erroneous pattern in the earlier post. By the way, you may have a point about Symantec. Nothing from Norton appears in the process list at all, so perhaps we should get monsterdk to tell us whether he/she has Norton's antivirus installed?

...and whether sigma24 and monsterdk are the same user (i.e. a double user)? If so, we also need a new HijackThis log after Ewido has been run (and I would strongly recommend closing one of the accounts -- since it is against Eksperten.dk's rules to have multiple accounts!).
monsterdk Novice
4 August 2006 - 15:53 #27
I am not a double user. sigma25 is my big brother, and once I had explained to him how things work in here, I figured he could post the rest himself. There is no reason to start arguing. There is plenty of room to fight in! :-)
monsterdk Novice
4 August 2006 - 15:54 #28
And by the way, I have deleted Symantec Shared on his computer, so the Symantec files should be gone now.
ejvindh Expert
4 August 2006 - 15:54 #29
All fine :-) -- but a new HJT log is still desirable ;-)
monsterdk Novice
4 August 2006 - 15:57 #30
Should be on its way...
sigma25 Beginner
4 August 2006 - 16:04 #31
Here comes the awaited HJT log


Logfile of HijackThis v1.99.1
Scan saved at 16:02:31, on 04-08-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Programmer\Winamp\winampa.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmer\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\FÆLLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programmer\ewido anti-spyware 4.0\guard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programmer\RealVNC\VNC4\WinVNC4.exe
C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Johnny Steffensen\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {295B953F-50D5-0725-A1EA-01D5FD27E3E8} - C:\WINDOWS\System32\nio.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] D:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [!ewido] "C:\Programmer\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Programmer\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Åbn billede i &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1030\phdintl.dll/phdContext.htm
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.kps.dk/Codebase/FormCtl.cab
O16 - DPF: {1469FF24-47F6-11D2-8805-006008C537E3} (Adobe Mail Control) - http://www.kps.dk/codebase/ffmail.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - http://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/installs/spamblockerutility/programs/spamblockerutility.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} (Adobe Signature Object) - http://www.kps.dk/codebase/jfsignature.cab
O16 - DPF: {AD90E8D1-3B47-11D2-A696-00A0C996A6DD} (jfCryptoSignature Class) - http://www.kps.dk/codebase/jfcrypto.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (Adobe Script Object) - http://www.kps.dk/codebase/scriptobject.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (Adobe Soft Font Installer) - http://www.kps.dk/codebase/fontinstaller.cab
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmer\ewido anti-spyware 4.0\guard.exe
O23 - Service: Microsoft Global Services (itnalispy) - Unknown owner - C:\RECYCLER\service.exe (file missing)
O23 - Service: Microsoft Global Backup Services (itnalispy666) - Unknown owner - C:\RECYCLER\service.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Unknown owner - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Unknown owner - C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmer\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
sigma25 Beginner
4 August 2006 - 16:07 #32
Earlier today I did everything John Stigers had written that I should do, but when I got to the point of searching for certain files in order to delete them, I could not get the search function to start. It simply did not appear when I tried to activate it. That problem has been going on for the last couple of days. Why can't I open it?
ejvindh Expert
4 August 2006 - 16:22 #33
-- Click Start-Run. Type: Services.msc, and click OK.
Find the following services, right-click them and choose Properties. Under Startup type, choose Disabled. Also click Stop:
Symantec Event Manager
Symantec Network Proxy
Symantec Password Validation
Symantec Settings Manager
Microsoft Global Services
Microsoft Global Backup Services
Norton AntiVirus Auto Protect
SAVScan
ScriptBlocking Service
Symantec Network Drivers Service
) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe (file missing)


-- Click Start-Run, type cmd, and click OK. In the black window, type:
sc delete "ccEvtMgr" <followed by Enter>
sc delete "ccProxy" <followed by Enter>
sc delete "ccPwdSvc" <followed by Enter>
sc delete "itnalispy" <followed by Enter>
sc delete "itnalispy666" <followed by Enter>
sc delete "navapsvc" <followed by Enter>
sc delete "SAVScan" <followed by Enter>
sc delete "SBService" <followed by Enter>
sc delete "SNDSrvc" <followed by Enter>

Then close the black window.

-- Run HijackThis, choose "Do a system scan only", tick the lines listed here, close all windows except HijackThis, and click Fix checked.
O2 - BHO: (no name) - {295B953F-50D5-0725-A1EA-01D5FD27E3E8} - C:\WINDOWS\System32\nio.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll

-- Regarding the missing search function, try this:
Click Start=>Run and type: SFC /scannow  (remember the space between SFC and /scannow)
Your Windows disc must be in the drive. It checks and repairs your system files

-- Then restart the computer and make a new HJT log, which you post here for checking.
ejvindh Expert
4 August 2006 - 16:23 #34
Oops. This line should not have been included in the last post:
) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe (file missing)
sigma25 Beginner
4 August 2006 - 17:24 #35
When I try to open this, the following message appears:

mmc.exe har fundet en fejl og afsluttes. Vi beklager ulejligheden.

AppName: mmc.exe    AppVer: 5.1.2600.0    ModName: clbcatq.dll
ModVer: 2001.12.4414.42    Offset: 00015d5c
forevernewbie Beginner
4 August 2006 - 19:15 #36
I would rather not be a pessimist, but the machine has been heavily infected, and there are quite certainly rather a lot of errors in both Windows and the registry. It can probably be made to run, but you will likely experience errors from time to time, so the question is whether you would not be more satisfied with a format and reinstallation. That may actually also turn out to be a faster solution
ejvindh Expert
4 August 2006 - 20:40 #37
Or you can try running the SFC scan step first and see whether that perhaps remedies the problem. And if it does not, you can try a repair, which to a large extent actually corresponds to a fresh installation (except that you do not lose your programs and your documents). You will find a guide to repair here:

http://www.hcma.dk/tips1to10.htm#no4
monsterdk Novice
7 August 2006 - 19:16 #38
The thread is temporarily down, as my big brother has gone to a summer house. I will try to resume it at the weekend when he comes home and drops off his computer with me. I apologise for the inconvenience and hope you will still help when the time comes.

Regards, Monsterdk
ejvindh Expert
7 August 2006 - 19:37 #39
All fine. :-)
monsterdk Novice
8 September 2006 - 13:03 #40
Thanks for all the help. The result was a reinstallation of the OS and a thorough walkthrough of how to avoid funny stuff from the net. And forevernewbie actually deserves the points even though he didn't really do anything! :-) So post an answer, and you shall have them!
forevernewbie Beginner
8 September 2006 - 16:27 #41
Imagine getting points for that advice ;) Yes yes, okay, here is an answer then