Avatar billede bigh Nybegynder
26. februar 2008 - 13:06 Der er 25 kommentarer og
1 løsning

Hvordan fjerne man ekvgsnw toolbar (zheltaya_hernya)

Jeg er så uheldig at ha' modtaget denne lidt kedelige ting (Toolbar)ekvgsnw toolbar (zheltaya_hernya)samt denne gule bar i toppen af browservinduet (http://protect.trustedantivirus.com/MTY4Nzc=/2/5993/ed=1/ex=1/h=10/zheltaya_hernya/)

Hvordan kommer jeg af med det. ?


mvh.

Hans Henrik
26. februar 2008 - 13:12 #1
... for en go' ordens skyld; stik os/mig en HiJackThis ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Bemærk at HiJackThis.exe programmet skal gemmes i en dertil oprettet mappe og IKKE køres direkte fra nettet...

PS: Brug denne version af HJT -> http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.exe

(Jooo - jeg har 'virus' på hjernen...)

------------------
Avatar billede bigh Nybegynder
26. februar 2008 - 13:20 #2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:20:36, on 26-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Logitech\Easy Synchronization\servicestub.exe
C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\virusfighter\Bin\Zanda.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmer\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Logitech\SetPoint\LBTWiz.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\SPAMfighter\SFAgent.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\programmer\steam\steam.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmer\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmer\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\HP\Smart Web Printing\hpswp_clipbook.exe
c:\Norman\Npf\Bin\Npfmsg2.exe
C:\Programmer\Outlook Express\msimn.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Hans Henrik\Skrivebord\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tv2.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmer\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmer\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SXG Advisor - {4C0C8119-1DF3-43EB-9551-B58AF1E04CA9} - C:\WINDOWS\dgtxrdfknf.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: ekvgsnw - {CBBF7BAC-D39B-4FC2-930E-8C2F6C73B45F} - C:\WINDOWS\ekvgsnw.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Norman ZANDA] C:\virusfighter\Bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy Synchronization] C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\programmer\steam\steam.exe" -silent
O4 - HKCU\..\Run: [RegistryCleanFixMFC] C:\Programmer\RegistryCleaner\registrycleaner.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmer\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Klipsamling - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart markering - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://www.webmail.schulstad.dk/iNotes6W.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} (IMMP4Control Control) - http://webcam.vsk.dk/ocx/IMMP4Control.ocx
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O21 - SSODL: bxlrvps - {E82A912C-B77E-4985-BE27-283210886B5B} - C:\WINDOWS\bxlrvps.dll
O21 - SSODL: alofkmn - {75D673CE-F475-4305-9043-A4F9ED1434D3} - C:\WINDOWS\alofkmn.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Programmer\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\virusfighter\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Programmer\SPAMfighter\sfus.exe

--
End of file - 13314 bytes
Avatar billede bigh Nybegynder
26. februar 2008 - 13:48 #3
Er det til at gennemskue
26. februar 2008 - 14:04 #4
Jo da - kan se flere - men ... Nu er det ikke alle (u)ønskede elementer som viser sig med en HiJackThis Log; hvis du har 'mod' på det så gennemfør proceduren herfra -> http://www.eksperten.dk/artikler/1123
Avatar billede bigh Nybegynder
26. februar 2008 - 14:07 #5
Jeg fandt faktisk denne her selv.... og fixede den det ser faktisk ud til det har hjulpet skidtet er væk.

Hvodden er det jeg gør når du skal hvae dine point


O3 - Toolbar: ekvgsnw - {CBBF7BAC-D39B-4FC2-930E-8C2F6C73B45F} - C:\WINDOWS\ekvgsnw.dll
Avatar billede bigh Nybegynder
26. februar 2008 - 14:17 #6
Tak for hjælpen
26. februar 2008 - 14:20 #7
... omtalte linie er IKKE nok !!!

ComboFix i http://www.eksperten.dk/artikler/1123 vil/kan mere eller mindre automatisk fixe/fjerne resten + de foreløbig usynlige elementer...

(Jeg kan også gøre det "manuelt" men i mange tilfælde - som her - vil jeg have ComboFix ind over først...)
Avatar billede bigh Nybegynder
26. februar 2008 - 14:29 #8
Hej sådan ser det ud efter jeg har kørt combofix jeg sender lige en ny hijack log


ComboFix 08-02-25.3 - Hans Henrik 2008-02-26 14:24:52.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.1121 [GMT 1:00]
Running from: C:\Documents and Settings\Hans Henrik\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\Programmer\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programmer\myglobalsearch
C:\Programmer\myglobalsearch\bar\History\search
C:\WINDOWS\dgtxrdfknf.dll
C:\WINDOWS\ekvgsnw.dll
C:\WINDOWS\system32\AutoRun.inf

.
(((((((((((((((((((((((((  Files Created from 2008-01-26 to 2008-02-26  )))))))))))))))))))))))))))))))
.

2008-02-26 14:13 . 2008-02-26 14:13    <DIR>    d--------    C:\Programmer\Enigma Software Group
2008-02-26 12:54 . 2008-02-26 14:13    32    --a------    C:\WINDOWS\NPFMSG.CFG
2008-02-26 12:16 . 2008-02-26 12:55    <DIR>    d--------    C:\virusfighter
2008-02-26 11:58 . 2008-02-26 12:42    <DIR>    d--------    C:\Programmer\XoftSpySE
2008-02-26 11:14 . 2008-02-26 11:14    552    --a------    C:\WINDOWS\system32\d3d8caps.dat
2008-02-26 10:50 . 2008-02-26 10:50    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-26 10:49 . 2008-02-26 10:49    <DIR>    d--------    C:\Programmer\Yahoo!
2008-02-26 10:27 . 2008-02-26 06:35    323,584    --a------    C:\WINDOWS\bxlrvps.dll
2008-02-26 10:27 . 2008-02-26 06:35    200,704    --a------    C:\WINDOWS\alofkmn.dll
2008-02-26 10:27 . 2008-02-26 06:35    102,400    --a------    C:\WINDOWS\fkxvkns.exe
2008-02-26 10:23 . 2008-02-26 10:23    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2008-02-26 10:23 . 2008-02-26 10:23    1,409    --a------    C:\WINDOWS\QTFont.for
2008-02-20 00:22 . 2008-02-20 00:25    <DIR>    d--hs----    C:\Documents and Settings\Hans Henrik\Phone Browser
2008-01-30 23:02 . 2008-01-30 23:02    <DIR>    d--------    C:\Programmer\Citrix
2008-01-30 23:02 . 2008-01-30 23:02    <DIR>    d--------    C:\Documents and Settings\Hans Henrik\Application Data\ICAClient
2008-01-29 13:11 . 2008-01-29 13:11    <DIR>    d--------    C:\Documents and Settings\Hans Henrik\Application Data\HP
2008-01-28 19:14 . 2008-01-28 19:14    <DIR>    d--------    C:\Programmer\HCA
2008-01-27 21:06 . 2008-01-27 21:06    <DIR>    d--------    C:\Documents and Settings\Dorthe\Application Data\HPAppData
2008-01-27 01:06 . 2008-01-27 01:06    <DIR>    d--------    C:\Documents and Settings\Hans Henrik\Application Data\Nokia Multimedia Player
2008-01-27 00:23 . 2008-01-27 00:23    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\WEBREG
2008-01-27 00:19 . 2008-01-27 00:19    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-01-27 00:18 . 2008-01-27 00:18    <DIR>    d--------    C:\Documents and Settings\Hans Henrik\Application Data\HPAppData
2008-01-27 00:14 . 2008-01-27 00:14    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-01-27 00:10 . 2008-01-27 00:10    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-01-27 00:10 . 2007-05-02 09:56    954,368    -ra------    C:\WINDOWS\system32\hpotiop5.dll
2008-01-27 00:10 . 2007-05-02 10:01    675,840    -ra------    C:\WINDOWS\system32\hpowiax5.dll
2008-01-27 00:10 . 2007-03-08 05:20    364,544    -ra------    C:\WINDOWS\system32\hppldcoi.dll
2008-01-27 00:10 . 2007-03-08 05:20    309,760    -ra------    C:\WINDOWS\system32\difxapi.dll
2008-01-27 00:10 . 2007-05-02 10:00    303,104    -ra------    C:\WINDOWS\system32\hpovst12.dll
2008-01-27 00:10 . 2007-05-02 11:03    267,864    -ra------    C:\WINDOWS\system32\hpzids01.dll
2008-01-27 00:10 . 2008-01-27 00:23    160,513    --a------    C:\WINDOWS\hpoins21.dat
2008-01-27 00:10 . 2007-03-15 15:32    118,272    --a------    C:\WINDOWS\system32\hpz3l5ha.dll
2008-01-27 00:10 . 2007-09-05 19:26    8,138    ---------    C:\WINDOWS\hpomdl21.dat
2008-01-26 16:01 . 2008-01-26 16:01    <DIR>    d--------    C:\Programmer\Grimm's Hatchery

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 12:09    ---------    d-----w    C:\Programmer\Steam
2008-02-26 11:53    5    ----a-w    C:\NPF_USER.DAT
2008-02-26 11:48    ---------    d-----w    C:\Programmer\SPAMfighter
2008-02-26 11:16    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-02-26 11:15    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\NPF
2008-02-26 08:42    22,328    ----a-w    C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-26 08:41    107,832    ----a-w    C:\WINDOWS\system32\PnkBstrB.exe
2008-02-25 13:54    ---------    d---a-w    C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-25 08:06    ---------    d-----w    C:\Programmer\Fælles filer\Symantec Shared
2008-02-15 09:24    ---------    d-----w    C:\Programmer\Fælles filer\Adobe
2008-02-06 23:35    107,888    ----a-w    C:\WINDOWS\system32\CmdLineExt.dll
2008-01-26 23:19    ---------    d-----w    C:\Programmer\HP
2008-01-25 00:45    413,696    ----a-w    C:\WINDOWS\system32\wrap_oal.dll
2008-01-25 00:45    110,592    ----a-w    C:\WINDOWS\system32\OpenAL32.dll
2008-01-25 00:45    ---------    d-----w    C:\Programmer\Eidos
2008-01-24 15:06    ---------    d-----w    C:\Programmer\EA GAMES
2008-01-20 17:08    ---------    d-----w    C:\Documents and Settings\Dorthe\Application Data\Nero
2008-01-19 19:54    ---------    d-----w    C:\Documents and Settings\Hans Henrik\Application Data\Nero
2008-01-19 19:53    ---------    d-----w    C:\Programmer\Fælles filer\Nero
2008-01-19 19:52    ---------    d-----w    C:\Programmer\Nero
2008-01-19 19:52    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Nero
2008-01-19 14:23    ---------    d-----w    C:\Programmer\LucasArts
2008-01-19 14:23    ---------    d-----w    C:\Programmer\GameSpy Arcade
2008-01-18 14:32    ---------    d-----w    C:\Programmer\Java
2008-01-18 14:31    ---------    d-----w    C:\Programmer\Fælles filer\Java
2008-01-16 13:07    66,872    ----a-w    C:\WINDOWS\system32\PnkBstrA.exe
2008-01-12 23:01    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-01-12 18:20    ---------    d-----w    C:\Programmer\cs
2008-01-12 09:31    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Logitech
2008-01-11 17:01    ---------    d-----w    C:\Documents and Settings\Spille konto\Application Data\SPAMfighter
2008-01-11 16:54    ---------    d-----w    C:\Documents and Settings\Spille konto\Application Data\Logitech
2008-01-11 16:53    ---------    d-----w    C:\Documents and Settings\Spille konto\Application Data\PC Suite
2008-01-11 12:26    ---------    d-----w    C:\Documents and Settings\Hans Henrik\Application Data\Nokia
2008-01-10 23:17    ---------    d-----w    C:\Programmer\Google
2008-01-10 22:48    ---------    d-----w    C:\Documents and Settings\Hans Henrik\Application Data\IEPro
2008-01-10 21:49    ---------    d-----w    C:\Programmer\CodecInstaller
2008-01-10 21:48    73,216    ----a-w    C:\WINDOWS\ST6UNST.EXE
2008-01-10 21:48    249,856    ------w    C:\WINDOWS\Setup1.exe
2008-01-10 21:46    ---------    d-----w    C:\Documents and Settings\Hans Henrik\Application Data\vlc
2008-01-10 21:37    ---------    d-----w    C:\Programmer\VideoLAN
2008-01-10 18:43    ---------    d-----w    C:\Programmer\Fælles filer\Ankiro
2008-01-07 23:34    ---------    d-----w    C:\Documents and Settings\Hans Henrik\Application Data\ErrorSmart
2008-01-04 16:26    ---------    d-----w    C:\Programmer\Pan Vision
2008-01-03 15:02    ---------    d-----w    C:\Programmer\Trymedia
2008-01-03 14:27    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Fugazo
2008-01-03 14:26    ---------    d-----w    C:\Programmer\Hotgames.com
2008-01-03 14:18    ---------    d-----w    C:\Documents and Settings\Hans Henrik\Application Data\PlayFirst
2008-01-03 14:18    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-01-01 13:59    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Trymedia
2007-12-31 16:31    ---------    d-----w    C:\Programmer\Fælles filer\Oberon Media
2007-12-30 23:01    ---------    d-----w    C:\Documents and Settings\Dorthe\Application Data\Logitech
2007-12-30 17:16    ---------    d-----w    C:\Programmer\Diner Dash Flo On The Go
2007-12-30 17:15    ---------    d-----w    C:\Programmer\ReflexiveArcade
2007-12-29 17:37    ---------    d-----w    C:\Documents and Settings\Hans Henrik\Application Data\Microsoft Games
2007-12-29 17:37    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Microsoft Games
2007-12-29 17:35    ---------    d-----w    C:\Programmer\Microsoft Games
2007-12-29 00:06    ---------    d-----w    C:\Documents and Settings\Hans Henrik\Application Data\Logitech
2007-12-29 00:06    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\LogiShrd
2007-12-29 00:05    0    ---ha-w    C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2007-12-29 00:05    ---------    d-----w    C:\Programmer\Fælles filer\Logishrd
2007-12-29 00:03    ---------    d-----w    C:\Programmer\WIDCOMM
2007-12-29 00:02    ---------    d-----w    C:\Programmer\Logitech
2007-12-29 00:02    ---------    d-----w    C:\Documents and Settings\Hans Henrik\Application Data\InstallShield
2007-12-28 23:58    ---------    d-----w    C:\Programmer\Fælles filer\Logitech
2007-12-27 18:41    ---------    d-----w    C:\Programmer\BellesBeautyBoutique_at
2007-12-26 14:48    ---------    d-----w    C:\Documents and Settings\Dorthe\Application Data\PC Suite
2007-12-26 14:48    ---------    d-----w    C:\Documents and Settings\Dorthe\Application Data\Nokia
2007-12-26 10:35    ---------    d-----w    C:\Documents and Settings\Dorthe\Application Data\FSW2
2007-12-13 18:09    972,072    ----a-w    C:\WINDOWS\UNNeroMediaHome.exe
2007-12-12 23:34    22,328    ----a-w    C:\Documents and Settings\Hans Henrik\Application Data\PnkBstrK.sys
2007-12-07 02:13    824,832    ----a-w    C:\WINDOWS\system32\wininet.dll
2007-12-05 01:53    356,352    ----a-w    C:\WINDOWS\system32\NVUNINST.EXE
2007-12-04 18:41    550,912    ----a-w    C:\WINDOWS\system32\oleaut32.dll
2007-12-04 08:59    972,072    ----a-w    C:\WINDOWS\UNRecode.exe
2007-12-03 17:04    95,600    ----a-w    C:\WINDOWS\system32\NeroCo.dll
2006-06-23 22:48    32,768    ----a-r    C:\WINDOWS\inf\UpdateUSB.exe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
2007-03-02 16:52    1298024    -ra------    C:\Programmer\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 16:52    177768    -ra------    C:\Programmer\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 16:53 15360]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-04 09:53 68856]
"Steam"="c:\programmer\steam\steam.exe" [2008-01-04 18:18 1266936]
"RegistryCleanFixMFC"="C:\Programmer\RegistryCleaner\registrycleaner.exe" [ ]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"PC Suite Tray"="C:\Programmer\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 15:49 16126464 C:\WINDOWS\RTHDCPL.exe]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 15:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 17:23 1953792]
"Norman ZANDA"="C:\virusfighter\Bin\ZLH.exe" [2005-05-25 13:11 135168]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"Easy Synchronization"="C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 11:00 53248]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"GrooveMonitor"="C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-11-13 01:10 286720]
"Bluetooth Connection Assistant"="LBTWIZ.exe" []
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"SPAMfighter Agent"="C:\Programmer\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NeroFilterCheck"="C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SpyHunter Security Suite"="C:\Programmer\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 14:47 847872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Easy Synchronization"="C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 11:00 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-26 16:53 15360]
"Nokia.PCSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

C:\Documents and Settings\Dorthe\Menuen Start\Programmer\Start\
Screen Clipper and Launcher til OneNote 2007.lnk - C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54 98632]

C:\Documents and Settings\Hans Henrik\Menuen Start\Programmer\Start\
Screen Clipper and Launcher til OneNote 2007.lnk - C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54 98632]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
BTTray.lnk - C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 22:37:20 561213]
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
HP Image Zone Fast Start.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 18:50:52 53248]
Logitech SetPoint.lnk - C:\Programmer\Logitech\SetPoint\SetPoint.exe [2007-12-29 01:05:27 784912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= C:\Programmer\Logitech\Easy Synchronization\shellexecutehook.dll [2005-10-05 11:00 69632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bxlrvps"= {E82A912C-B77E-4985-BE27-283210886B5B} - C:\WINDOWS\bxlrvps.dll [2008-02-26 06:35 323584]
"alofkmn"= {75D673CE-F475-4305-9043-A4F9ED1434D3} - C:\WINDOWS\alofkmn.dll [2008-02-26 06:35 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\programmer\fælles filer\logishrd\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTWLgn.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\spil\\UnrealEngine3\\Binaries\\MOHA.exe"=
"C:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programmer\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"C:\\Programmer\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Programmer\\Joost\\xulrunner\\tvprunner.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15081:TCP"= 15081:TCP:vandværk

R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2004-12-06 10:18]
R1 TDI_RD;Firewall Engine Type-R;C:\WINDOWS\system32\drivers\tdi_rd.sys [2004-10-13 22:01]
R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Programmer\SPAMfighter\sfus.exe [2008-01-02 17:03]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 15:12]
R3 SWUSBFLT;VIA-filterdriver til Microsoft SideWinder;C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 21:02]
S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 14:25]
S3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-05-31 13:51]
S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 14:25]
S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 14:25]
S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 14:25]
S3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-05-24 12:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ      hpqcxs08 hpqddsvc

.
Contents of the 'Scheduled Tasks' folder
"2008-02-25 09:00:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2008-01-07 23:34:45 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Programmer\ErrorSmart\ErrorSmart.ex
- C:\Programmer\ErrorSmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 14:27:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Programmer\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Programmer\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
.
Completion time: 2008-02-26 14:28:28
ComboFix-quarantined-files.txt  2008-02-26 13:28:26
.
2008-02-13 09:43:28    --- E O F ---
Avatar billede bigh Nybegynder
26. februar 2008 - 14:30 #9
Her er en efter combofix hijackthis logfile


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:30:17, on 26-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Logitech\Easy Synchronization\servicestub.exe
C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\virusfighter\Bin\Zanda.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmer\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\alg.exe
C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Logitech\SetPoint\LBTWiz.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\programmer\steam\steam.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmer\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmer\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Norman\Npf\Bin\Npfmsg2.exe
C:\Programmer\Outlook Express\msimn.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Hans Henrik\Skrivebord\Hijackthis\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tv2.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmer\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmer\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Norman ZANDA] C:\virusfighter\Bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy Synchronization] C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Programmer\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\programmer\steam\steam.exe" -silent
O4 - HKCU\..\Run: [RegistryCleanFixMFC] C:\Programmer\RegistryCleaner\registrycleaner.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmer\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Klipsamling - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart markering - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://www.webmail.schulstad.dk/iNotes6W.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} (IMMP4Control Control) - http://webcam.vsk.dk/ocx/IMMP4Control.ocx
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O21 - SSODL: bxlrvps - {E82A912C-B77E-4985-BE27-283210886B5B} - C:\WINDOWS\bxlrvps.dll
O21 - SSODL: alofkmn - {75D673CE-F475-4305-9043-A4F9ED1434D3} - C:\WINDOWS\alofkmn.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Programmer\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\virusfighter\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Programmer\SPAMfighter\sfus.exe

--
End of file - 13563 bytes
Avatar billede bigh Nybegynder
26. februar 2008 - 15:24 #10
skal du ikke have dine points ??  hvordan gør man
26. februar 2008 - 15:30 #11
Standby... Der er mere endnu..
26. februar 2008 - 15:34 #12
Afinstaller
* RegistryCleanFix
via
[Start][Indstilninger][Kontrolpanel][Tilføj/fjern programmer]

Genstart for at fuldføre afinstalationen...

---------------------------------------

-- Hent Avenger her:
http://swandog46.geekstogo.com/avenger.zip

-- Pak Avenger-programmet ud og dobbeltklik på avenger.exe

-- Sæt en prik i "Input Script Manually" og klik på Luppen - nu dukker der et lille vindue op, hvor du skal kopiere indholdet mellem ~~~ skrift ind:

~~~~~~~~~~~~~~~~~~
Files to delete:
C:\WINDOWS\ekvgsnw.dll
C:\WINDOWS\bxlrvps.dll
C:\WINDOWS\alofkmn.dll
C:\WINDOWS\fkxvkns.exe

Folders to delete:
C:\Programmer\Yahoo!
C:\Programmer\RegistryCleaner\
C:\Programmer\Fælles filer\Symantec Shared
~~~~~~~~~~~~~~~~~~

-- Klik på Trafiklyset i Avenger. Programmet vil opfordre dig til at genstarte computeren straks, hvilket du skal gøre. Programmet vil lukke din computer, slette filerne og starte computeren igen.

-- Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar.

-- Kør Hijackthis, vælg "Do a system scan only", sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [RegistryCleanFixMFC] C:\Programmer\RegistryCleaner\registrycleaner.exe
O21 - SSODL: bxlrvps - {E82A912C-B77E-4985-BE27-283210886B5B} - C:\WINDOWS\bxlrvps.dll
O21 - SSODL: alofkmn - {75D673CE-F475-4305-9043-A4F9ED1434D3} - C:\WINDOWS\alofkmn.dll

##############

Genstart computeren, og lav en ny log med Hijackthis, som du lægger herind sammen med loggen fra Avenger.
Avatar billede bigh Nybegynder
26. februar 2008 - 16:00 #13
Du er en sej nød, det her er verdensklasse


AVENGER SVAR:


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qibtsqpp

*******************

Script file located at: jhddvbcp

Could not open script file!  Error

Could not open script file!  Status: 0xc000003b  Abort!



HIJACKTHIS SVAR:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:59:27, on 26-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Logitech\Easy Synchronization\servicestub.exe
C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Logitech\SetPoint\LBTWiz.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\SPAMfighter\SFAgent.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\notepad.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Norman\Npf\BIN\npfmsg2.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmer\Outlook Express\msimn.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
C:\Programmer\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmer\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\Hans Henrik\Skrivebord\Hijackthis\HiJackThis.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tv2.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmer\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmer\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy Synchronization] C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\programmer\steam\steam.exe" -silent
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmer\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Klipsamling - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart markering - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://www.webmail.schulstad.dk/iNotes6W.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} (IMMP4Control Control) - http://webcam.vsk.dk/ocx/IMMP4Control.ocx
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O21 - SSODL: bxlrvps - {6F0EF5BE-02C0-48EF-B518-B069DA0728B3} - C:\WINDOWS\bxlrvps.dll
O21 - SSODL: alofkmn - {CFB04DA6-6C45-433F-A411-061BAA4121C4} - C:\WINDOWS\alofkmn.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Programmer\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Programmer\SPAMfighter\sfus.exe

--
End of file - 12961 bytes
Avatar billede bigh Nybegynder
26. februar 2008 - 16:07 #14
RegistryCleanFix har jeg ikke, eller kan ikke finde den i
[Start][Indstilninger][Kontrolpanel][Tilføj/fjern programmer]
Avatar billede bigh Nybegynder
26. februar 2008 - 16:27 #15
Hej igen

Jeg er desværre nød til at køre på arbejde og kan ikke være med mere i dag.
Men når jeg kommer hjem i aften vil jeg gør færdigt.
Håber det er ok. Du har været en uvurderlig hjælp og nu syntes jeg du skal tage dine points så har du dem da.

mvh
Hans Henrik
26. februar 2008 - 16:30 #16
... du skal lige gennemføre denne Avenger procedure igen; der er vist gjort noget forkert ???
Avatar billede bigh Nybegynder
27. februar 2008 - 10:26 #17
Hej Karise larry du skulle vel ikke være på i dag igen


//Hans Henrik
Avatar billede bigh Nybegynder
27. februar 2008 - 10:41 #18
Hej  Jeg har lavet en ny HIJACKTHIS


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:43, on 27-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Logitech\Easy Synchronization\servicestub.exe
C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Logitech\SetPoint\LBTWiz.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\Norman\Npf\BIN\npfmsg2.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmer\SPAMfighter\sfus.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\alg.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
C:\Programmer\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmer\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Programmer\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Programmer\Outlook Express\msimn.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Hans Henrik\Skrivebord\Hijackthis\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tv2.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmer\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmer\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy Synchronization] C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\programmer\steam\steam.exe" -silent
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmer\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Klipsamling - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart markering - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://www.webmail.schulstad.dk/iNotes6W.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} (IMMP4Control Control) - http://webcam.vsk.dk/ocx/IMMP4Control.ocx
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O21 - SSODL: bxlrvps - {6F0EF5BE-02C0-48EF-B518-B069DA0728B3} - C:\WINDOWS\bxlrvps.dll (file missing)
O21 - SSODL: alofkmn - {CFB04DA6-6C45-433F-A411-061BAA4121C4} - C:\WINDOWS\alofkmn.dll (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Programmer\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Programmer\SPAMfighter\sfus.exe
27. februar 2008 - 23:11 #19
Hvor kom denne nu fra ->
[ctfmona] C:\WINDOWS\system32\ctfmona.exe


Kør en scanning med Hijackthis,
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe

O21 - SSODL: bxlrvps - {6F0EF5BE-02C0-48EF-B518-B069DA0728B3} - C:\WINDOWS\bxlrvps.dll (file missing)
O21 - SSODL: alofkmn - {CFB04DA6-6C45-433F-A411-061BAA4121C4} - C:\WINDOWS\alofkmn.dll (file missing)

Genstart normalt, kør en ny scanning med hijackthis, og kopier en frisk log herind til tjek.

------------------------------------------------------------------------
Avatar billede bigh Nybegynder
27. februar 2008 - 23:33 #20
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:32:48, on 27-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Logitech\Easy Synchronization\servicestub.exe
C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmer\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Logitech\SetPoint\LBTWiz.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\SPAMfighter\SFAgent.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Programmer\SPYWAREfighter\spftray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\programmer\steam\steam.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Programmer\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Norman\Npf\BIN\npfmsg2.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmer\SPYWAREfighter\spfprc.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmer\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Documents and Settings\Hans Henrik\Skrivebord\Hijackthis\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tv2.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmer\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmer\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy Synchronization] C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmer\SPYWAREfighter\spftray.exe
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\programmer\steam\steam.exe" -silent
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmer\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Klipsamling - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart markering - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://www.webmail.schulstad.dk/iNotes6W.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} (IMMP4Control Control) - http://webcam.vsk.dk/ocx/IMMP4Control.ocx
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Programmer\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Programmer\SPAMfighter\sfus.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programmer\SPYWAREfighter\spfprc.exe

--
End of file - 13268 bytes
Avatar billede bigh Nybegynder
27. februar 2008 - 23:33 #21
Hej igen filen ligger ovenfor
Avatar billede bigh Nybegynder
27. februar 2008 - 23:48 #22
UPPPPS du får lige en HIJACKTHIS efter der er foretaget en genstart, det glemte jeg før:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:46:42, on 27-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Logitech\Easy Synchronization\servicestub.exe
C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Logitech\SetPoint\LBTWiz.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\SPAMfighter\SFAgent.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Programmer\SPYWAREfighter\spftray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Norman\Npf\BIN\npfmsg2.exe
C:\programmer\steam\steam.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programmer\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
C:\Programmer\SPYWAREfighter\spfprc.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmer\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmer\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Hans Henrik\Skrivebord\Hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tv2.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmer\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmer\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy Synchronization] C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmer\SPYWAREfighter\spftray.exe
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\programmer\steam\steam.exe" -silent
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmer\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Klipsamling - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart markering - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://www.webmail.schulstad.dk/iNotes6W.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} (IMMP4Control Control) - http://webcam.vsk.dk/ocx/IMMP4Control.ocx
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Programmer\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Programmer\SPAMfighter\sfus.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programmer\SPYWAREfighter\spfprc.exe

--
End of file - 13334 bytes
28. februar 2008 - 07:17 #23
Så er du ved at være 'i hus' - hvordan kører PC'en så nu ?
Avatar billede bigh Nybegynder
28. februar 2008 - 09:54 #24
Hej Den kører rigtig godt, den er blevet hurtigerer til at starte op. Der er heller ikke flere belastene popus med div. advarsler omkring alverdens angreb af virus og spyware der vil ødelægge min pc.
Du skal have mange tak for din indsats, jeg er meget taknemmelig.

Med venlig hilsen
Hans Henrik
28. februar 2008 - 11:38 #25
Du er velkommen en anden gang...

Du bør rense temp med denne fil, det tager kun få sek.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

Efter sådan en tur er det altid en god ide og rydde op i systemgendannelsesfilerne.
Deaktiver systemgendannelse -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Genstart din computer - aktiver systemgendannelse. Dette gøres samme sted, hvor du deaktiverede, denne gang skal du blot aktivere.
Det vil også være en god idé manuelt at oprette et nyt punkt, som du kan navngive, og vende tilbage til, hvis du skulle få problemer af nogen art.

Et par artikler om sikker surfing finder du her:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...
28. februar 2008 - 20:37 #26
Takker for P.
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester