Avatar billede kurtr Nybegynder
26. februar 2008 - 00:49 Der er 9 kommentarer og
1 løsning

Security Toolbar 7.1 virus

Nogen der kan hjælpe med at evt fjerne sådan noget

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34, on 2007-11-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Arcade\PCMService.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\OpenOffice.org 2.3\program\soffice.exe
C:\Programmer\OpenOffice.org 2.3\program\soffice.BIN
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Spyware Doctor\svcntaux.exe
C:\Programmer\Spyware Doctor\swdsvc.exe
C:\Programmer\Spyware Doctor\SDTrayApp.exe
C:\Programmer\Spyware Doctor\swdoctor.exe
C:\Gem\HiJack\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Programmer\Moyea\FLV Downloader\MoyeaCth.dll (file missing)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\Programmer\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SDTray] "C:\Programmer\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programmer\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Tilføj til Kaspersky Anti-Banner - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180796623796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185146921109
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programmer\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\swdsvc.exe

--
End of file - 8694 bytes
Avatar billede Jensen DK Novice
26. februar 2008 - 08:21 #1
Prøv at køre denne skanner komplet.
http://support.f-secure.com/ols/start.html
Avatar billede kurtr Nybegynder
26. februar 2008 - 15:32 #2
Hej
Har jeg gjort det løste ikke problemet
26. februar 2008 - 15:51 #3
... Nu er det ikke alle (u)ønskede elementer som viser sig med en HiJackThis Log; hvis du har 'mod' på det så gennemfør proceduren herfra -> http://www.eksperten.dk/artikler/1123
Avatar billede kurtr Nybegynder
26. februar 2008 - 16:13 #4
her kommer det meste af det
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:47:52, on 26-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Arcade\PCMService.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\OpenOffice.org 2.3\program\soffice.exe
C:\Programmer\OpenOffice.org 2.3\program\soffice.BIN
C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Kurt Rasmussen\Skrivebord\Spywarefri\HijackThis.exe
C:\WINDOWS\system32\HPZinw12.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myownstartpage.net/?cm=740363&lt=2&it=2008-02-26%2000%3A18%3A27&dt=2008-02-26%2000%3A24%3A52&q=http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Programmer\NetProject\wamdl.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\Programmer\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programmer\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Tilføj til Kaspersky Anti-Banner - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180796623796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185146921109
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programmer\WinPcap\rpcapd.exe

--
End of file - 9083 bytes
ComboFix 08-02-25.3 - Kurt Rasmussen 2008-02-26 14:41:58.6 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.546 [GMT 1:00]
Running from: C:\Documents and Settings\Kurt Rasmussen\Skrivebord\Spywarefri\SWF_CF.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((  Files Created from 2008-01-26 to 2008-02-26  )))))))))))))))))))))))))))))))
.

2008-02-26 00:57 . 2008-02-26 00:57    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-26 00:41 . 2008-02-26 00:41    <DIR>    d--------    C:\Documents and Settings\Kurt Rasmussen\Application Data\Grisoft
2008-02-26 00:41 . 2008-02-26 00:41    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-26 00:41 . 2007-05-30 13:10    10,872    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-26 00:36 . 2008-02-26 00:36    <DIR>    d--------    C:\Programmer\CCleaner
2008-02-26 00:18 . 2008-02-26 12:39    <DIR>    d--------    C:\Programmer\NetProject

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 13:52    40,185,632    --sha-w    C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-26 13:51    1,725,472    --sha-w    C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-26 13:37    ---------    d-----w    C:\Documents and Settings\Kurt Rasmussen\Application Data\OpenOffice.org2
2008-02-26 13:37    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-26 13:35    542,900    --sha-w    C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-26 13:35    166,892    --sha-w    C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-21 15:52    ---------    d-----w    C:\Programmer\Mozilla Sunbird
2008-02-19 12:23    ---------    d-----w    C:\Programmer\Fælles filer\Adobe
2008-02-02 11:38    91,700    ----a-w    C:\WINDOWS\system32\drivers\klin.dat
2008-01-29 14:41    ---------    d-----w    C:\Programmer\Family Tree Maker 2006
2008-01-12 10:45    ---------    d-----w    C:\Programmer\Windows Live
2008-01-12 10:44    ---------    dcsh--w    C:\Programmer\Fælles filer\WindowsLiveInstaller
2008-01-12 10:42    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-11 05:40    44,544    ----a-w    C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:54    347,136    ----a-w    C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51    179,584    ----a-w    C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-13 18:09    972,072    ----a-w    C:\WINDOWS\UNNeroMediaHome.exe
2007-12-08 05:13    3,592,192    ----a-w    C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:00    13,824    ----a-w    C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 10:59    70,656    ----a-w    C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 10:59    625,664    ----a-w    C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 04:59    161,792    ----a-w    C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:41    550,912    ----a-w    C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41    550,912    ----a-w    C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-12-04 08:59    972,072    ----a-w    C:\WINDOWS\UNRecode.exe
2007-12-03 17:04    95,600    ----a-w    C:\WINDOWS\system32\NeroCo.dll
2007-11-19 21:02    7,885    ----a-w    C:\Programmer\hijackthis.log
2007-11-18 19:16    2,293,848    ----a-w    C:\Programmer\FLV PlayerFCSetup.exe
2007-07-06 17:39    401,720    ----a-w    C:\Programmer\HJTrenamed.exe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{81705D67-3F73-4983-859B-97D0922E5ABE}

[HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{81705D67-3F73-4983-859B-97D0922E5ABE}"= C:\Programmer\NetProject\wamdl.dll [2008-02-26 00:18 70656]

[HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 11:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-07 18:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-07 18:32 126976]
"SynTPLpr"="C:\Programmer\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 22:44 98394]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 22:43 688218]
"PCMService"="C:\Programmer\Arcade\PCMService.exe" [2005-03-09 17:59 49152]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-27 04:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-27 13:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-27 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-27 13:00 455168]
"ATIPTA"="C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 20:05 339968]
"LManager"="C:\Programmer\Launch Manager\QtZgAcer.EXE" [2005-10-13 10:33 319488]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-07-15 09:53 196608]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-07-15 09:53 2985472]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 15:41 393216]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 15:45 2462208]
"AVP"="C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2007-03-09 19:50 200768]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"NBKeyScan"="C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"NeroFilterCheck"="C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"!AVG Anti-Spyware"="C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 11:00 15360]

C:\Documents and Settings\Kurt Rasmussen\Menuen Start\Programmer\Start\
OpenOffice.org 2.3.lnk - C:\Programmer\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 17:32:04 393216]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Gamma Loader.lnk - C:\Programmer\F‘lles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-01 20:40:14 110592]
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624]
Logitech SetPoint.lnk - C:\Programmer\Logitech\SetPoint\SetPoint.exe [2007-06-25 12:34:41 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=

R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 17:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 12:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 17:08]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 13:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 15:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 14:57]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 14:34]

*Newly Created Service* - INT15.SYS
.
Contents of the 'Scheduled Tasks' folder
"2007-11-05 04:33:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 14:51:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-26 14:53:05
ComboFix2.txt  2008-02-26 00:50:39
ComboFix3.txt  2007-11-16 18:12:04
.
2008-02-15 15:28:38    --- E O F --- 
VG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:    15:46:57 26-02-2008

+ Scan result:   



C:\Documents and Settings\Administrator\Cookies\administrator@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.


::Report end

********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
26-02-2008 16:00:51,90

NOTICE!! Rootchk is not being updated anymore, and is thus gradually getting outdated.
Last update was made 28-12-07

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 16:00:53
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
IPC error: 2 Den angivne fil blev ikke fundet.

scanning hidden services & system hive ...
IPC error: 2 Den angivne fil blev ikke fundet.

scanning hidden registry entries ...

scanning hidden files ...
IPC error: 2 Den angivne fil blev ikke fundet.

hidden processes: 0
hidden services: 0
hidden files:
håber det kan bruges
26. februar 2008 - 16:43 #5
Fundet !!! ->

-- Hent Avenger her:
http://swandog46.geekstogo.com/avenger.zip

-- Pak Avenger-programmet ud og dobbeltklik på avenger.exe

-- Sæt en prik i "Input Script Manually" og klik på Luppen - nu dukker der et lille vindue op, hvor du skal kopiere indholdet mellem ~~~ skrift ind:

~~~~~~~~~~~~~~~~~~
Folders to delete:
C:\Programmer\NetProject
~~~~~~~~~~~~~~~~~~

-- Klik på Trafiklyset i Avenger. Programmet vil opfordre dig til at genstarte computeren straks, hvilket du skal gøre. Programmet vil lukke din computer, slette filerne og starte computeren igen.

-- Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar.

-- Kør Hijackthis, vælg "Do a system scan only", sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.

O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Programmer\NetProject\wamdl.dll

O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"

Genstart computeren, og lav en ny log med Hijackthis, som du lægger herind sammen med loggen fra Avenger.
Avatar billede kurtr Nybegynder
26. februar 2008 - 16:59 #6
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:57:26, on 26-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Arcade\PCMService.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\OpenOffice.org 2.3\program\soffice.exe
C:\Programmer\OpenOffice.org 2.3\program\soffice.BIN
C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Documents and Settings\Kurt Rasmussen\Skrivebord\Spywarefri\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myownstartpage.net/?cm=740363&lt=2&it=2008-02-26%2000%3A18%3A27&dt=2008-02-26%2000%3A24%3A52&q=http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\Programmer\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programmer\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Tilføj til Kaspersky Anti-Banner - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180796623796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185146921109
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programmer\WinPcap\rpcapd.exe

--
End of file - 8440 bytes
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ubsjkujt

*******************

Script file located at: \??\C:\tdhbampn.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\Programmer\NetProject deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
Avatar billede kurtr Nybegynder
26. februar 2008 - 17:00 #7
det ser ud til det er væk toolbaren er der ikke mere
26. februar 2008 - 17:17 #8
BINGO!

Registreringsdatabase oprydning kan anbefales ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Specielt punktet [Register]...)
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller NEJ til den.

------------------------

Der er ikke mere 'snavs' ifølge din Log...

Du er velkommen en anden gang...

Efter sådan en tur er det altid en god ide og rydde op i systemgendannelsesfilerne.
Deaktiver systemgendannelse -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Genstart din computer - aktiver systemgendannelse. Dette gøres samme sted, hvor du deaktiverede, denne gang skal du blot aktivere.
Det vil også være en god idé manuelt at oprette et nyt punkt, som du kan navngive, og vende tilbage til, hvis du skulle få problemer af nogen art.

Safe Surfing...
Avatar billede kurtr Nybegynder
26. februar 2008 - 17:19 #9
Jeg takker for hjælper
Har du fået dine points??
26. februar 2008 - 17:57 #10
Takker for P.
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester