natman (Beginner)
19 September 2007 - 16:32 There are 7 comments and 2 solutions

Log file check

Hi... I have recently had trouble with my PC, so I am asking someone knowledgeable to take a look at the problem. Thanks very much in advance!

Logfile of HijackThis v1.99.1
Scan saved at 15:35:38, on 19-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Office keyboard utility\1.1\nhksrv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\Norman\bin\ZANDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\bin\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\System32\alg.exe
C:\Norman\bin\ZLH.EXE
C:\Programmer\Ulead Systems\Ulead Photo Explorer 8.0\Monitor.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Programmer\Browser MOUSE\mouse32a.exe
C:\Norman\Nvc\BIN\npfmsg2.exe
C:\Programmer\Office keyboard utility\1.1\OFFICEKB.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\Office keyboard utility\1.1\MMKEYB.EXE
C:\Programmer\QuickTime\QTTask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Office keyboard utility\1.1\TrayMon.exe
C:\Programmer\Office keyboard utility\1.1\osd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Norman\bin\niu.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmer\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Ejer\Dokumenter\Modtagne filer\rengøring\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programmer\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar5.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Programmer\Ulead Systems\Ulead Photo Explorer 8.0\Monitor.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programmer\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [FLMOFFICEKEYBOARD] C:\Programmer\Office keyboard utility\1.1\OFFICEKB.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Windows-pc-søgning.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll/search.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.bgbank.dk
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmer\Office keyboard utility\1.1\nhksrv.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

ComboFix 07-09-18.4 - "Ejer" 2007-09-19 15:22:05.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.82 [GMT 2:00]
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programmer\winupdates
C:\Programmer\winupdates\a.zip
C:\WINDOWS\system.exe

.
(((((((((((((((((((((((((  Files Created from 2007-08-19 to 2007-09-19  )))))))))))))))))))))))))))))))
.

2007-09-19 15:17    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-19 10:38    <DIR>    d----c---    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-19 10:38    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-09-19 10:38    <DIR>    d--------    C:\DOCUME~1\Ejer\APPLIC~1\SUPERAntiSpyware.com
2007-09-19 10:37    <DIR>    d--------    C:\Programmer\Fælles filer\Wise Installation Wizard
2007-09-19 10:27    <DIR>    d--------    C:\Programmer\CCleaner

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-19 11:05    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\NPF
2007-09-19 09:53    ---------    d--------    C:\Programmer\Azureus
2007-08-11 00:13    ---------    d--------    C:\DOCUME~1\Mommy\APPLIC~1\Windows Desktop Search
2007-08-11 00:13    ---------    d--------    C:\DOCUME~1\Mommy\APPLIC~1\MSN Search Toolbar
2007-08-05 12:48    ---------    d--------    C:\DOCUME~1\Ejer\APPLIC~1\WinRAR
2007-07-30 19:19    92504    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2007-07-30 19:19    92504    --a------    C:\WINDOWS\SYSTEM32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\SYSTEM32\wuapi.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-30 19:19    53080    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\SYSTEM32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\SYSTEM32\wucltui.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2007-07-30 19:19    271224    --a------    C:\WINDOWS\SYSTEM32\mucltui.dll
2007-07-30 19:19    207736    --a------    C:\WINDOWS\SYSTEM32\muweb.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\SYSTEM32\wuweb.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\SYSTEM32\wups.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2007-07-19 08:58    3583488    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-07-13 01:31    765952    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\vgx.dll
2007-06-27 16:05    823808    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-06-27 16:05    671232    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-06-27 16:05    6058496    ---------    C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-06-27 16:05    52224    ---------    C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-06-27 16:05    477696    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-06-27 16:05    459264    ---------    C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-06-27 16:05    44544    ---------    C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-06-27 16:05    27648    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-06-27 16:05    267776    ---------    C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-06-27 16:05    232960    ---------    C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-06-27 16:05    193024    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-06-27 16:05    1152000    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-06-27 16:05    105984    ---------    C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-06-27 16:05    102400    ---------    C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-06-27 16:04    384512    ---------    C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-06-27 16:04    383488    ---------    C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-06-27 16:04    230400    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-06-27 16:04    153088    ---------    C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-06-27 16:04    132608    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-06-27 16:04    124928    ---------    C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-06-27 15:34    317952    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\unregmp2.exe
2007-06-27 10:27    63488    ---------    C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-06-27 10:27    13824    ---------    C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-06-27 10:25    625152    ---------    C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-06-27 09:00    161792    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-06-26 08:10    1104896    --a------    C:\WINDOWS\SYSTEM32\msxml3.dll
2007-06-26 08:10    1104896    ---------    C:\WINDOWS\SYSTEM32\DLLCACHE\msxml3.dll
2007-06-19 15:32    282112    --a------    C:\WINDOWS\SYSTEM32\gdi32.dll
2007-06-19 15:32    282112    ---------    C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
    ---------        C:\Programmer\Fælles filer\Microsoft Shared
    ---------        C:\Programmer\Fælles filer
2005-06-02 11:39:16    56    -csh--r    C:\WINDOWS\SYSTEM32\AE55A7F75F.sys
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norman ZANDA"="C:\Norman\bin\ZLH.exe" [2005-03-07 12:05]
"Ulead Memory Card Detector"="C:\Programmer\Ulead Systems\Ulead Photo Explorer 8.0\Monitor.exe" [2002-11-15 20:05]
"FLMOFFICE4DMOUSE"="C:\Programmer\Browser MOUSE\mouse32a.exe" [2004-07-26 18:10]
"FLMOFFICEKEYBOARD"="C:\Programmer\Office keyboard utility\1.1\OFFICEKB.exe" [2004-07-26 18:13]
"nwiz"="nwiz.exe" [2002-05-03 10:06 C:\WINDOWS\SYSTEM32\nwiz.exe]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Programmer\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-07-10 09:18]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 10:38]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-09-19 11:46]

C:\DOCUME~1\ALLUSE~1\MENUEN~1\PROGRA~1\Start\
Adobe Gamma Loader.lnk - C:\Programmer\Fælles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-12 12:17:35]
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
DESKTOP.INI [2001-10-17 09:45:20]
hp psc 1000 series.lnk - C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 01:17:18]
hpoddt01.exe.lnk - C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58]
Windows-pc-søgning.lnk - C:\Programmer\Windows Desktop Search\WindowsSearch.exe [2006-03-26 22:44:08]

C:\DOCUME~1\DEFAUL~1\MENUEN~1\PROGRA~1\Start\
DESKTOP.INI [2001-10-17 09:45:20]

C:\DOCUME~1\Ejer\MENUEN~1\PROGRA~1\Start\
DESKTOP.INI [2004-06-12 18:01:29]

C:\DOCUME~1\Mommy\MENUEN~1\PROGRA~1\Start\
DESKTOP.INI [2001-10-17 09:45:20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programmer\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys
R1 TDI_RD;Firewall Engine Type-R;\??\C:\WINDOWS\System32\drivers\tdi_rd.sys
R2 Ndiskio;Ndiskio;\??\c:\norman\nse\bin\ndiskio.sys
R2 nhksrv;Netropa NHK Server;C:\Programmer\Office keyboard utility\1.1\nhksrv.exe
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe
R3 NVCScheduler;Norman Virus Control Scheduler;C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys
R3 rtl8029;NT-driver til Realtek RTL8029(AS)-baseret PCI Ethernet-netværkskort;C:\WINDOWS\system32\DRIVERS\RTL8029.SYS
S3 CMDRIVER;CMDRIVER;C:\WINDOWS\system32\drivers\CMDriver.sys
S3 dz2kscsi;dz2kscsi;C:\WINDOWS\system32\DRIVERS\dz2kscsi.sys
S3 dz2kusb;dz2kusb;C:\WINDOWS\system32\DRIVERS\dz2kusb.sys
S3 jswmidin;jswmidin;\??\C:\DOCUME~1\Ejer\LOKALE~1\Temp\jswmidin.sys
S3 nvcfsr;nvcfsr;\??\C:\NORMAN\Nvc\BIN\nvcfsr.sys
S3 nvcoafl51;nvcoafl51;\??\C:\NORMAN\Nvc\BIN\nvcoafl51.sys
S3 nvcoaft51;nvcoaft51;\??\C:\NORMAN\Nvc\BIN\nvcoaft51.sys
S3 nvcoarc51;nvcoarc51;\??\C:\NORMAN\Nvc\BIN\nvcoarc51.sys
S3 nvcoas;Norman Virus Control on-access component;C:\NORMAN\Nvc\BIN\nvcoas.exe
S3 U81xbus;LGE U8XXX driver (WDM);C:\WINDOWS\system32\DRIVERS\U81xbus.sys
S3 U81xmdfl;LGE U8XXX USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\U81xmdfl.sys
S3 U81xmdm;LGE U8XXX USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\U81xmdm.sys
S3 U81xmgmt;LGE U8XXX USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\U81xmgmt.sys
S3 U81xobex;LGE U8XXX USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\U81xobex.sys

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-08-16 11:57:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2005-12-03 13:45:33 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1125319322.job"
"2007-09-19 12:35:02 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-19 15:26:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp]
"ImagePath"="System32\DRIVERS\viaagp.sys"
.
Completion time: 2007-09-19 15:28:41
C:\ComboFix-quarantined-files.txt ... 2007-09-19 15:28
.
    --- E O F ---


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/19/2007 at 10:47 AM

Application Version : 3.7.1018

Core Rules Database Version : 3309
Trace Rules Database Version: 1314

Scan type      : Complete Scan
Total Scan Time : 00:00:16

Memory items scanned      : 38
Memory threats detected  : 0
Registry items scanned    : 0
Registry threats detected : 0
File items scanned        : 0
File threats detected    : 0


********************************* ROOTCHK-(17-09-07)-LOG, by ejvindh
19-09-2007 16:30:42,71

Driver cmdriver (visible) is present. A rootkit scan is recommended.

********************************* ROOTCHK-LOG-end


catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-19 16:30:43
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000cb1

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0
19 September 2007 - 17:40 #1
You are 'inviting' it yourself by having P2P programs installed/running...

http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

Uninstall
* Azureus
via
[Start][Settings][Control Panel][Add/Remove Programs]

Restart to complete the uninstallation...

---------------------------------------

Some unwanted items HAVE already been eaten from your system by ComboFix

---------------------------------------

A registry cleanup is recommended ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (especially the [Issues] item...)
During installation you will be offered [Yahoo Toolbar]. You can say yes or NO to it.

---------------------------------------

So how is the PC running now?
natman (Beginner)
19 September 2007 - 18:51 #2
I have actually uninstalled Azureus; I only used it once because I was curious, and then I deleted it. And I have been through ccleaner, superspywarefri, combofix, rootchk and hijackthis, as the log files show; not to sound like a smart aleck ;-)
natman (Beginner)
19 September 2007 - 18:55 #3
But I can see that it is still there... bummer...
natman (Beginner)
19 September 2007 - 21:58 #4
I'll just start over...

Logfile of HijackThis v1.99.1
Scan saved at 21:40:57, on 19-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Office keyboard utility\1.1\nhksrv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\Norman\bin\ZANDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\Norman\bin\NJEEVES.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Norman\bin\ZLH.EXE
C:\Programmer\Ulead Systems\Ulead Photo Explorer 8.0\Monitor.exe
C:\Programmer\Browser MOUSE\mouse32a.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Programmer\Office keyboard utility\1.1\OFFICEKB.exe
C:\Norman\Nvc\BIN\npfmsg2.exe
C:\Programmer\Office keyboard utility\1.1\MMKEYB.EXE
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\QuickTime\QTTask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Office keyboard utility\1.1\TrayMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Office keyboard utility\1.1\osd.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\Programmer\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Norman\bin\niu.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Documents and Settings\Ejer\Dokumenter\Modtagne filer\rengøring\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programmer\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar5.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Programmer\Ulead Systems\Ulead Photo Explorer 8.0\Monitor.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programmer\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [FLMOFFICEKEYBOARD] C:\Programmer\Office keyboard utility\1.1\OFFICEKB.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Windows-pc-søgning.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll/search.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.bgbank.dk
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmer\Office keyboard utility\1.1\nhksrv.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


ComboFix 07-09-18.4 - "Ejer" 2007-09-19 21:42:33.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.43 [GMT 2:00]
.

(((((((((((((((((((((((((  Files Created from 2007-08-19 to 2007-09-19  )))))))))))))))))))))))))))))))
.

2007-09-19 15:17    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-19 10:38    <DIR>    d----c---    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-19 10:38    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-09-19 10:38    <DIR>    d--------    C:\DOCUME~1\Ejer\APPLIC~1\SUPERAntiSpyware.com
2007-09-19 10:37    <DIR>    d--------    C:\Programmer\F‘lles filer\Wise Installation Wizard
2007-09-19 10:27    <DIR>    d--------    C:\Programmer\CCleaner

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-19 19:01    ---------    d--------    C:\Programmer\Windows Media Connect 2
2007-09-19 18:56    ---------    d--------    C:\DOCUME~1\Ejer\APPLIC~1\Lavasoft
2007-09-19 18:45    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\NPF
2007-08-11 00:13    ---------    d--------    C:\DOCUME~1\Mommy\APPLIC~1\Windows Desktop Search
2007-08-11 00:13    ---------    d--------    C:\DOCUME~1\Mommy\APPLIC~1\MSN Search Toolbar
2007-08-05 12:48    ---------    d--------    C:\DOCUME~1\Ejer\APPLIC~1\WinRAR
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
    ---------        C:\Programmer\Fælles filer\Microsoft Shared
    ---------        C:\Programmer\Fælles filer
2005-06-02 11:39:16    56    -csh--r    C:\WINDOWS\SYSTEM32\AE55A7F75F.sys
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norman ZANDA"="C:\Norman\bin\ZLH.exe" [2005-03-07 12:05]
"Ulead Memory Card Detector"="C:\Programmer\Ulead Systems\Ulead Photo Explorer 8.0\Monitor.exe" [2002-11-15 20:05]
"FLMOFFICE4DMOUSE"="C:\Programmer\Browser MOUSE\mouse32a.exe" [2004-07-26 18:10]
"FLMOFFICEKEYBOARD"="C:\Programmer\Office keyboard utility\1.1\OFFICEKB.exe" [2004-07-26 18:13]
"nwiz"="nwiz.exe" [2002-05-03 10:06 C:\WINDOWS\SYSTEM32\nwiz.exe]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Programmer\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-07-10 09:18]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 10:38]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-09-19 11:46]

C:\DOCUME~1\ALLUSE~1\MENUEN~1\PROGRA~1\Start\
Adobe Gamma Loader.lnk - C:\Programmer\F‘lles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-12 12:17:35]
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
DESKTOP.INI [2001-10-17 09:45:20]
hp psc 1000 series.lnk - C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 01:17:18]
hpoddt01.exe.lnk - C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58]
Windows-pc-s›gning.lnk - C:\Programmer\Windows Desktop Search\WindowsSearch.exe [2006-03-26 22:44:08]

C:\DOCUME~1\DEFAUL~1\MENUEN~1\PROGRA~1\Start\
DESKTOP.INI [2001-10-17 09:45:20]

C:\DOCUME~1\Ejer\MENUEN~1\PROGRA~1\Start\
DESKTOP.INI [2004-06-12 18:01:29]

C:\DOCUME~1\Mommy\MENUEN~1\PROGRA~1\Start\
DESKTOP.INI [2001-10-17 09:45:20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programmer\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys
R1 TDI_RD;Firewall Engine Type-R;\??\C:\WINDOWS\System32\drivers\tdi_rd.sys
R2 Ndiskio;Ndiskio;\??\c:\norman\nse\bin\ndiskio.sys
R2 nhksrv;Netropa NHK Server;C:\Programmer\Office keyboard utility\1.1\nhksrv.exe
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe
R3 NVCScheduler;Norman Virus Control Scheduler;C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys
R3 rtl8029;NT-driver til Realtek RTL8029(AS)-baseret PCI Ethernet-netværkskort;C:\WINDOWS\system32\DRIVERS\RTL8029.SYS
S3 CMDRIVER;CMDRIVER;C:\WINDOWS\system32\drivers\CMDriver.sys
S3 dz2kscsi;dz2kscsi;C:\WINDOWS\system32\DRIVERS\dz2kscsi.sys
S3 dz2kusb;dz2kusb;C:\WINDOWS\system32\DRIVERS\dz2kusb.sys
S3 jswmidin;jswmidin;\??\C:\DOCUME~1\Ejer\LOKALE~1\Temp\jswmidin.sys
S3 nvcfsr;nvcfsr;\??\C:\NORMAN\Nvc\BIN\nvcfsr.sys
S3 nvcoafl51;nvcoafl51;\??\C:\NORMAN\Nvc\BIN\nvcoafl51.sys
S3 nvcoaft51;nvcoaft51;\??\C:\NORMAN\Nvc\BIN\nvcoaft51.sys
S3 nvcoarc51;nvcoarc51;\??\C:\NORMAN\Nvc\BIN\nvcoarc51.sys
S3 nvcoas;Norman Virus Control on-access component;C:\NORMAN\Nvc\BIN\nvcoas.exe
S3 U81xbus;LGE U8XXX driver (WDM);C:\WINDOWS\system32\DRIVERS\U81xbus.sys
S3 U81xmdfl;LGE U8XXX USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\U81xmdfl.sys
S3 U81xmdm;LGE U8XXX USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\U81xmdm.sys
S3 U81xmgmt;LGE U8XXX USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\U81xmgmt.sys
S3 U81xobex;LGE U8XXX USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\U81xobex.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-08-16 11:57:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2005-12-03 13:45:33 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1125319322.job"
"2007-09-19 19:35:01 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-19 21:48:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp]
"ImagePath"="System32\DRIVERS\viaagp.sys"
.
Completion time: 2007-09-19 21:50:59
C:\ComboFix-quarantined-files.txt ... 2007-09-19 21:50
C:\ComboFix2.txt ... 2007-09-19 15:28
.
    --- E O F ---


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/19/2007 at 10:47 AM

Application Version : 3.7.1018

Core Rules Database Version : 3309
Trace Rules Database Version: 1314

Scan type      : Complete Scan
Total Scan Time : 00:00:16

Memory items scanned      : 38
Memory threats detected  : 0
Registry items scanned    : 0
Registry threats detected : 0
File items scanned        : 0
File threats detected    : 0


********************************* ROOTCHK-(17-09-07)-LOG, by ejvindh
19-09-2007 21:56:18,89

Driver cmdriver (visible) is present. A rootkit scan is recommended.

********************************* ROOTCHK-LOG-end


catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-19 21:56:19
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0
ejvindh Expert
20 September 2007 - 10:44 #5
You have a rootkit on your computer. Therefore, try the following:

Copy the content between the wavy lines into a Notepad window and save it, under the name CFScript.txt, in the same folder as Combofix. When you save, make sure that "all files" is selected under "file types".

~~~~~~~~~~~~~~~~~~~~~~~~~~
File::
C:\WINDOWS\SYSTEM32\AE55A7F75F.sys
C:\WINDOWS\system32\drivers\CMDriver.sys

Driver::
CMDRIVER

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the new file with the mouse and drag it over the Combofix file, and then "let go" with the mouse. Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
When Combofix has finished, and after it has restarted, a log file should open: combofix.txt
Please post the contents of this file here for review

Also make a new log file with Hijackthis and post it here for review.
natman Beginner
20 September 2007 - 20:34 #6
Here is the new Combofix log file:

ComboFix 07-09-20.1 - "Ejer" 2007-09-20 20:09:05.8 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.50 [GMT 2:00]
Command switches used ::  D:\Documents and Settings\Ejer\Dokumenter\Modtagne filer\reng›ring\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\SYSTEM32\AE55A7F75F.sys
C:\WINDOWS\system32\drivers\CMDriver.sys
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\AE55A7F75F.sys

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))


-------\CMDRIVER


(((((((((((((((((((((((((  Files Created from 2007-08-20 to 2007-09-20  )))))))))))))))))))))))))))))))
.

2007-09-19 15:17    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-19 10:38    <DIR>    d----c---    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-19 10:38    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-09-19 10:38    <DIR>    d--------    C:\DOCUME~1\Ejer\APPLIC~1\SUPERAntiSpyware.com
2007-09-19 10:37    <DIR>    d--------    C:\Programmer\F‘lles filer\Wise Installation Wizard
2007-09-19 10:27    <DIR>    d--------    C:\Programmer\CCleaner

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-19 19:01    ---------    d--------    C:\Programmer\Windows Media Connect 2
2007-09-19 18:56    ---------    d--------    C:\DOCUME~1\Ejer\APPLIC~1\Lavasoft
2007-09-19 18:45    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\NPF
2007-08-11 00:13    ---------    d--------    C:\DOCUME~1\Mommy\APPLIC~1\Windows Desktop Search
2007-08-11 00:13    ---------    d--------    C:\DOCUME~1\Mommy\APPLIC~1\MSN Search Toolbar
2007-08-05 12:48    ---------    d--------    C:\DOCUME~1\Ejer\APPLIC~1\WinRAR
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
    ---------        C:\Programmer\Fælles filer\Microsoft Shared
    ---------        C:\Programmer\Fælles filer
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norman ZANDA"="C:\Norman\bin\ZLH.exe" [2005-03-07 12:05]
"Ulead Memory Card Detector"="C:\Programmer\Ulead Systems\Ulead Photo Explorer 8.0\Monitor.exe" [2002-11-15 20:05]
"FLMOFFICE4DMOUSE"="C:\Programmer\Browser MOUSE\mouse32a.exe" [2004-07-26 18:10]
"FLMOFFICEKEYBOARD"="C:\Programmer\Office keyboard utility\1.1\OFFICEKB.exe" [2004-07-26 18:13]
"nwiz"="nwiz.exe" [2002-05-03 10:06 C:\WINDOWS\SYSTEM32\nwiz.exe]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Programmer\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-07-10 09:18]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 10:38]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-09-19 11:46]

C:\DOCUME~1\ALLUSE~1\MENUEN~1\PROGRA~1\Start\
Adobe Gamma Loader.lnk - C:\Programmer\F‘lles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-12 12:17:35]
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
DESKTOP.INI [2001-10-17 09:45:20]
hp psc 1000 series.lnk - C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 01:17:18]
hpoddt01.exe.lnk - C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58]
Windows-pc-s›gning.lnk - C:\Programmer\Windows Desktop Search\WindowsSearch.exe [2006-03-26 22:44:08]

C:\DOCUME~1\DEFAUL~1\MENUEN~1\PROGRA~1\Start\
DESKTOP.INI [2001-10-17 09:45:20]

C:\DOCUME~1\Ejer\MENUEN~1\PROGRA~1\Start\
DESKTOP.INI [2004-06-12 18:01:29]

C:\DOCUME~1\Mommy\MENUEN~1\PROGRA~1\Start\
DESKTOP.INI [2001-10-17 09:45:20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programmer\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys
R1 TDI_RD;Firewall Engine Type-R;\??\C:\WINDOWS\System32\drivers\tdi_rd.sys
R2 Ndiskio;Ndiskio;\??\c:\norman\nse\bin\ndiskio.sys
R2 nhksrv;Netropa NHK Server;C:\Programmer\Office keyboard utility\1.1\nhksrv.exe
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe
R3 NVCScheduler;Norman Virus Control Scheduler;C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys
R3 rtl8029;NT-driver til Realtek RTL8029(AS)-baseret PCI Ethernet-netværkskort;C:\WINDOWS\system32\DRIVERS\RTL8029.SYS
S3 dz2kscsi;dz2kscsi;C:\WINDOWS\system32\DRIVERS\dz2kscsi.sys
S3 dz2kusb;dz2kusb;C:\WINDOWS\system32\DRIVERS\dz2kusb.sys
S3 jswmidin;jswmidin;\??\C:\DOCUME~1\Ejer\LOKALE~1\Temp\jswmidin.sys
S3 nvcfsr;nvcfsr;\??\C:\NORMAN\Nvc\BIN\nvcfsr.sys
S3 nvcoafl51;nvcoafl51;\??\C:\NORMAN\Nvc\BIN\nvcoafl51.sys
S3 nvcoaft51;nvcoaft51;\??\C:\NORMAN\Nvc\BIN\nvcoaft51.sys
S3 nvcoarc51;nvcoarc51;\??\C:\NORMAN\Nvc\BIN\nvcoarc51.sys
S3 nvcoas;Norman Virus Control on-access component;C:\NORMAN\Nvc\BIN\nvcoas.exe
S3 U81xbus;LGE U8XXX driver (WDM);C:\WINDOWS\system32\DRIVERS\U81xbus.sys
S3 U81xmdfl;LGE U8XXX USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\U81xmdfl.sys
S3 U81xmdm;LGE U8XXX USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\U81xmdm.sys
S3 U81xmgmt;LGE U8XXX USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\U81xmgmt.sys
S3 U81xobex;LGE U8XXX USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\U81xobex.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-20 11:57:23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2005-12-03 13:45:33 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1125319322.job"
"2007-09-20 17:35:13 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-20 20:23:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp]
"ImagePath"="System32\DRIVERS\viaagp.sys"
.
Completion time: 2007-09-20 20:28:56 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-20 20:28
C:\ComboFix2.txt ... 2007-09-20 19:34
.
    --- E O F ---
______________________________________________________________________________________


And a new Hijackthis log file:

Logfile of HijackThis v1.99.1
Scan saved at 20:34:08, on 20-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Office keyboard utility\1.1\nhksrv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\Norman\bin\ZANDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\bin\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Norman\bin\ZLH.EXE
C:\Programmer\Ulead Systems\Ulead Photo Explorer 8.0\Monitor.exe
C:\Programmer\Browser MOUSE\mouse32a.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Programmer\Office keyboard utility\1.1\OFFICEKB.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\Office keyboard utility\1.1\MMKEYB.EXE
C:\Norman\Nvc\BIN\npfmsg2.exe
C:\Programmer\QuickTime\QTTask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Office keyboard utility\1.1\TrayMon.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Office keyboard utility\1.1\osd.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Windows Desktop Search\WindowsSearchFilter.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Documents and Settings\Ejer\Dokumenter\Modtagne filer\rengøring\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programmer\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar5.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Programmer\Ulead Systems\Ulead Photo Explorer 8.0\Monitor.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programmer\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [FLMOFFICEKEYBOARD] C:\Programmer\Office keyboard utility\1.1\OFFICEKB.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Windows-pc-søgning.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll/search.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.bgbank.dk
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmer\Office keyboard utility\1.1\nhksrv.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
ejvindh Expert
21 September 2007 - 08:13 #7
So the log came out clean. To be on the safe side, however, I would recommend that you scan the computer with Superantispyware. I can see that you already have it installed. If it finds anything, you are welcome to post the log file here for review.

To finish the job completely:
It can be a good idea to clean up the System Restore files. Disable System Restore (http://www.spywarefri.dk/virusscannere.htm#alle) - restart your computer - enable System Restore.
And it can also be a good idea to hide your system files and folders again, so that you do not delete an important file by mistake. You do that in the same place where you set it to show all files; this time you just choose: Do not show hidden files and folders.

It can also be a good idea to clean out your temporary files. This can be done quickly and easily with this file
www.spywareinfo.dk/download/cleantempxp2k.bat
---------------------------

To prevent a recurrence, I would recommend that you install a few small programs that keep spyware from getting in in the first place. You will find links and good advice here:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

I would also suggest that you read these articles on how you can avoid being infected in the future:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://www.ejvindh.net/viewtopic.php?t=37
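
Comparing the follow-up ComboFix log with the CFScript from post #5, which is what the "log came out clean" verdict above rests on, can also be scripted. The Python below is an added example, not part of the thread or of ComboFix: the function names are hypothetical, the embedded logs are constructed excerpts of the ones posted above, and treating the `((( Title )))` banners as section delimiters is an assumption about the log layout.

```python
import re

# Constructed excerpts: lines copied from the CFScript and the two ComboFix
# logs in this thread, cut down to what the check needs.
CFSCRIPT = r"""File::
C:\WINDOWS\SYSTEM32\AE55A7F75F.sys
C:\WINDOWS\system32\drivers\CMDriver.sys

Driver::
CMDRIVER
"""
BEFORE = r"""
((((((((  Find3M Report  ))))))))
2005-06-02 11:39:16    56    -csh--r    C:\WINDOWS\SYSTEM32\AE55A7F75F.sys
((((((((  Reg Loading Points  ))))))))
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe
S3 CMDRIVER;CMDRIVER;C:\WINDOWS\system32\drivers\CMDriver.sys
S3 jswmidin;jswmidin;\??\C:\DOCUME~1\Ejer\LOKALE~1\Temp\jswmidin.sys
"""
AFTER = r"""
FILE::
C:\WINDOWS\SYSTEM32\AE55A7F75F.sys
C:\WINDOWS\system32\drivers\CMDriver.sys
((((((((  Other Deletions  ))))))))
C:\WINDOWS\SYSTEM32\AE55A7F75F.sys
((((((((  Drivers/Services  ))))))))
-------\CMDRIVER
((((((((  Find3M Report  ))))))))
2007-08-05 12:48    ---------    d--------    C:\DOCUME~1\Ejer\APPLIC~1\WinRAR
((((((((  Reg Loading Points  ))))))))
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe
S3 jswmidin;jswmidin;\??\C:\DOCUME~1\Ejer\LOKALE~1\Temp\jswmidin.sys
"""

BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")
DRIVER = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+)$")
ACTION_SECTIONS = ("", "Other Deletions", "Drivers/Services")

def sections(log):
    """Split a log into {banner title: [lines]}; text before the first banner goes under ''."""
    out, title = {"": []}, ""
    for line in (raw.strip() for raw in log.splitlines()):
        m = BANNER.match(line)
        if m:
            title = m.group(1)
            out.setdefault(title, [])
        elif line and line != ".":
            out[title].append(line)
    return out

def norm(path):
    r"""Case-fold a path and drop the NT \??\ prefix that some driver lines carry."""
    path = path.strip().lower()
    return path[4:] if path.startswith("\\??\\") else path

def drivers(log):
    """Return {service name: image path} from the 'S3 name;display;path' lines."""
    found = {}
    for line in log.splitlines():
        m = DRIVER.match(line.strip())
        if m:
            found[m.group(3).lower()] = norm(m.group(5))
    return found

def parse_cfscript(text):
    """Return {'file': [...], 'driver': [...]} from the 'Name::' headed blocks."""
    out, key = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("::"):
            key = line[:-2].lower()
            out[key] = []
        elif line and key:
            out[key].append(line)
    return out

def verify(script, before, after):
    """For every CFScript target: was it listed before, did ComboFix report
    acting on it, and does it still show up in the rescan part of the new log?"""
    targets, sec = parse_cfscript(script), sections(after)
    deleted = {norm(p) for p in sec.get("Other Deletions", [])}
    removed = {l.lstrip("-\\").lower() for l in sec.get("Drivers/Services", [])}
    # The echoed script and the deletion report name the targets by design,
    # so only the sections after them count as the rescan.
    rescan = [l.lower() for t, ls in sec.items() if t not in ACTION_SECTIONS for l in ls]
    old = [l.lower() for l in before.splitlines()]
    report = {}
    for path in targets.get("file", []):
        p = norm(path)
        report[path] = {"was_listed": any(p in l for l in old),
                        "reported": p in deleted,
                        "in_rescan": any(p in l for l in rescan)}
    for name in targets.get("driver", []):
        n = name.lower()
        report[name] = {"was_listed": n in drivers(before),
                        "reported": n in removed,
                        "in_rescan": n in drivers(after)}
    return report
```

On these excerpts all three targets are gone from the rescan, but only `AE55A7F75F.sys` appears under "Other Deletions"; `CMDriver.sys` disappears together with its driver entry without being reported as a deleted file.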
natman Beginner
22 September 2007 - 15:08 #8
Many thanks for the help... I'll get started on the prevention work right away!
ejvindh Expert
22 September 2007 - 19:44 #9
You're welcome :-)