I really need help.
From: sandramaria01
Viewed: 1601 times
80 points
Date: 17-06-07 20:53

It turns out that my computer has got a virus, delsim dialer. It is acting up badly. Among other things, I can only stay connected to the internet for maybe a minute, after which I have to pull the plug for a short while and then plug it back in.... I'm not very sharp when it comes to the inner workings of the computer, so if anyone can guide me I would be grateful.

 
 
Comment
From: o.v.n.
Date: 17-06-07 20:59

Phew, removing that kind of thing is not my strong suit; I prefer to keep the junk out. But start with a HijackThis log: http://sptlarsenserious.googlepages.com/HijackThis read the page at the link (Kandu is the one used as the example), post the log here, and someone will surely come along and help you clean up.

Comment
From: sandramaria01
Date: 17-06-07 21:08

OK, many thanks, I will try that. Bye.

Comment
From: sandramaria01
Date: 17-06-07 21:30

Hi again.
I have now tried to follow the instructions, and the result follows below. I hope there is help to be had!?
Sandra


Logfile of HijackThis v1.99.1
Scan saved at 21:25:48, on 17-06-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
C:\VIRUSfighter\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\Explorer.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\tremapi.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmer\Viewpoint\Common\ViewpointService.exe
C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
C:\VIRUSfighter\Nvc\bin\nvcoas.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\SpyBlocker Software\SpywareStopper\spywarestopper.exe
C:\Programmer\Picasa2\PicasaMediaDetector.exe
C:\Programmer\Multimedia Mouse\MouseDrv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmer\Microsoft IntelliType Pro\type32.exe
C:\Programmer\Microsoft IntelliPoint\point32.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\vsnpstd3.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\VIRUSfighter\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\VIRUSfighter\Nvc\BIN\NIP.EXE
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\VIRUSfighter\Nvc\bin\cclaw.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\ScanWizard 5\ScannerFinder.exe
C:\Programmer\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Programmer\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Outlook Express\msimn.exe
C:\Programmer\HJTrenamed.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Not Available
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\tremapi.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpywareStopper] C:\Programmer\SpyBlocker Software\SpywareStopper\spywarestopper.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [WireLessMouse] C:\Programmer\Multimedia Mouse\MouseDrv.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series (kopi 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C84 Series (kopi 1)" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [type32] "C:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmer\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [dr_desktop] "C:\Programmer\DR Desktop\DR_DES~1.EXE"
O4 - HKCU\..\Run: [EPSON Stylus C84 Series (kopi 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C84 Series (kopi 1)" /M "Stylus C84" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programmer\Octoshape Streaming Services\Gunnar\OctoshapeClient.exe" -inv:bootrun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Scanner Finder.lnk = C:\Programmer\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Programmer\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145174329281
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\VIRUSfighter\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\VIRUSfighter\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Tremapi - Unknown owner - C:\WINDOWS\tremapi.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programmer\Viewpoint\Common\ViewpointService.exe


********************************* ROOTCHK-(29-05-07b)-LOG, by ejvindh
17-06-2007 21:29:38,06

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-17 21:29:38
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus C84 Series (kopi 1) = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C84 Series (kopi 1)" /M "Stylus C84" /EF "HKCU"??%?4?????A????????????Y7~????????????????|????????????????????Y7~????|???????????8???????????X?8~????|???????j?8~|??????????????|???????
EPSON Stylus C84 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"???????A?????_?????E????????????a?w??&?????????????|????????????????????b?w????|???????????8???????????h??w????|???????z??w|???????????)??|???????

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0


Comment
From: transor
Date: 17-06-07 23:01

When you have XP it is so easy.
You just do a System Restore to a point in time before the junk got into the machine.
It does not destroy any data files or emails. But all programs installed after that date, including the junk, are parked on a "siding" and become inactive until you change your mind, if you do, and undo it.
Nothing can be permanently damaged by the operation. Just remember that it can take a while, with periods of black screen and automatic restarts, so just wait until it reports that the operation is finished.

See the help function for how to do it, if you don't know.
And then be careful about which stupid emails you open and what junk you download in the future.

Comment
From: o.v.n.
Date: 17-06-07 23:05

That is not really the right way to remove a virus; hold off on doing anything until an expert has looked at your log.

Comment
From: sandramaria01
Date: 17-06-07 23:09

Many thanks for the reply. I have already tried to restore, but with absolutely no luck. So I am hoping for more suggestions for solving the problem. Bye.

Comment
From: o.v.n.
Date: 17-06-07 23:23

With Windows XP as your operating system, while you wait you can try running this small, quick, easy, good and free online scanner: http://www.spywarefri.dk/spywarefri-onlinescan.htm It may be able to remove the delsim dialer, but there may be other things, so hold off on closing the question until your log has been looked through.

Comment
From: transor
Date: 17-06-07 23:33

Did you also remember to run in safe mode during the restore?

The principle of the hi-jack log is fine. I have just never seen anyone get a good answer from an expert who could say with certainty what should be done.


Comment
From: o.v.n.
Date: 17-06-07 23:46

Quote
The principle of the hi-jack log is fine. I have just never seen anyone get a good answer from an expert who could say with certainty what should be done.
In the log you can see what is on the computer, and from those who can read such a log and know the various security programs, help arrives for fetching and using the right tool. You must need new glasses, transor, if you have not seen various security problems get solved, among other places here on Kandu.

Comment
From: pallebhansen
Date: 18-06-07 00:08

You have installed these yourself:
SpyBlocker \spywarestopper and norman
Have you tried starting one of them, telling it to scan your C drive, letting it run through the whole hard disk, letting the program tick off the viruses, and pressing continue?

Also empty your cookies: in Internet Explorer, choose Tools/Internet Options/delete cookies and files in there; none of them are needed. (Do it before you run the antivirus, then it goes faster.)
Regards, Palle Hansen

Comment
From: stl_s
Date: 18-06-07 01:25

Uninstall Viewpoint in Add/Remove Programs.

Then do this:

Download and double-click this file. It unpacks to C:\SDFix:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Restart in safe mode; if you don't know how, look here (scroll down to "Sådan får du adgang til fejlsikret tilstand", i.e. "How to access safe mode") http://kimludvigsen.dk/tips-windows-fejlsikret.html


Then go into the SDFix folder on the C drive. Double-click the file RunThis.bat to start the tool. Press "y" to confirm that you are running the tool at your own risk. The tool will then start removing the trojan service and make a few repairs to the registry. At some point it will ask you to press a key to restart the computer. Do that, after which the computer will restart after 15 seconds.

The restart will take a little longer than usual, as the tool needs time to do its work. When the desktop appears, the tool will write "Finished". Then press a key to load your desktop icons again.

Then open the SDFix folder, find the file Report.txt, and copy the contents of that file in here.

And also post a fresh HijackThis log.



Comment
From: axelbjarne
Date: 18-06-07 06:41

Try this:
Control Panel, Performance and Maintenance, Administrative Tools, Services, and open Remote Procedure Call, where you change the setting to Take No Action; then the computer should not shut down. After that you should be able to be online.



Comment
From: o.v.n.
Date: 18-06-07 10:06

Axelbjarne - your post only serves to confuse the asker

Comment
From: sandramaria01
Date: 18-06-07 11:02

First of all, the file Report.txt:

SDFix: Version 1.88

Run by Gunnar on 18-06-2007 at 10:01

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:





C:\WINDOWS\system32\Microsoft\backup.ftp Found...
C:\WINDOWS\system32\Microsoft\backup.tftp Found...

Checking files:

Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp

Dummy:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service

Rebooting...


Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted



Removing Temp Files...

ADS Check:

Checking C:\WINDOWS\
C:\WINDOWS
No streams found.

Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.

Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Gunnar\\Lokale indstillinger\\Temporary Internet Files\\Content.IE5\\EN6NQ1UF\\tdchasti[1].exe"="C:\\Documents and Settings\\Gunnar\\Lokale indstillinger\\Temporary Internet Files\\Content.IE5\\EN6NQ1UF\\tdchasti[1].exe:*:Enabled:TDC Hastighed"
"C:\\Programmer\\Real\\RealPlayer\\realplay.exe"="C:\\Programmer\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Documents and Settings\\Gunnar\\Lokale indstillinger\\Temporary Internet Files\\Content.IE5\\0LE5F7K5\\tdc_hastighedstest[1].exe"="C:\\Documents and Settings\\Gunnar\\Lokale indstillinger\\Temporary Internet Files\\Content.IE5\\0LE5F7K5\\tdc_hastighedstest[1].exe:*:Enabled:TDC Hastighed"
"C:\\Programmer\\AIM\\aim.exe"="C:\\Programmer\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Documents and Settings\\Gunnar\\Lokale indstillinger\\Temporary Internet Files\\Content.IE5\\SFJ7YS5D\\tdc_hastighedstest[1].exe"="C:\\Documents and Settings\\Gunnar\\Lokale indstillinger\\Temporary Internet Files\\Content.IE5\\SFJ7YS5D\\tdc_hastighedstest[1].exe:*:Enabled:TDC Hastighed"
"C:\\Programmer\\MatchWare\\Mediator 8.0 Pro\\medi8or.exe"="C:\\Programmer\\MatchWare\\Mediator 8.0 Pro\\medi8or.exe:*:Enabled:Mediator"
"C:\\Programmer\\Internet Explorer\\IEXPLORE.EXE"="C:\\Programmer\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Programmer\\MSN Messenger\\msncall.exe"="C:\\Programmer\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Programmer\\Messenger\\msmsgs.exe"="C:\\Programmer\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"="C:\\Programmer\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmer\\MSN Messenger\\livecall.exe"="C:\\Programmer\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Programmer\\Grisoft\\AVG7\\avginet.exe"="C:\\Programmer\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Programmer\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Programmer\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Programmer\\Grisoft\\AVG7\\avgcc.exe"="C:\\Programmer\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Programmer\\Grisoft\\AVG7\\avgemc.exe"="C:\\Programmer\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Programmer\\iTunes\\iTunes.exe"="C:\\Programmer\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programmer\\Octoshape Streaming Services\\Gunnar\\OctoshapeClient.exe"="C:\\Programmer\\Octoshape Streaming Services\\Gunnar\\OctoshapeClient.exe:*:EnabledtoshapeClient"
"C:\\Programmer\\Mozilla Firefox\\firefox.exe"="C:\\Programmer\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Programmer\\Skype\\Phone\\Skype.exe"="C:\\Programmer\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmer\\MSN Messenger\\msncall.exe"="C:\\Programmer\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"="C:\\Programmer\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmer\\MSN Messenger\\livecall.exe"="C:\\Programmer\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Listing Files with Hidden Attributes:

C:\Programmer\Picasa2\setup.exe
C:\WINDOWS\avg.exe
C:\WINDOWS\tremapi.exe
C:\WINDOWS\system32\5F7507F86D.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\sandra\Application Data\Microsoft\Word\~WRL1063.tmp
C:\Documents and Settings\sandra\Dokumenter\~WRL0001.tmp
C:\Documents and Settings\sandra\Dokumenter\~WRL0166.tmp
C:\Documents and Settings\sandra\Dokumenter\~WRL0764.tmp
C:\Documents and Settings\sandra\Dokumenter\~WRL1658.tmp
C:\Documents and Settings\sandra\Dokumenter\~WRL3679.tmp
C:\Documents and Settings\sandra\Skrivebord\~WRL0061.tmp
C:\Documents and Settings\sandra\Skrivebord\~WRL1977.tmp
C:\Documents and Settings\sandra\Skrivebord\~WRL2943.tmp
C:\Documents and Settings\sandra\Skrivebord\~WRL3320.tmp

Listing User Accounts:

Brugerkonti for \\PC-GUNNAR

Administrator ASPNET Gunnar
Gæst Hjælpeassistent maribel
milene sandra SUPPORT_388945a0
Kommandoen blev udført.


Finished




Next, a fresh HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 11:02:02, on 18-06-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
C:\VIRUSfighter\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\tremapi.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
C:\VIRUSfighter\Nvc\bin\nvcoas.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\SpyBlocker Software\SpywareStopper\spywarestopper.exe
C:\Programmer\Picasa2\PicasaMediaDetector.exe
C:\Programmer\Multimedia Mouse\MouseDrv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmer\Microsoft IntelliType Pro\type32.exe
C:\Programmer\Microsoft IntelliPoint\point32.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\vsnpstd3.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\VIRUSfighter\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\VIRUSfighter\Nvc\BIN\NIP.EXE
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\VIRUSfighter\Nvc\bin\cclaw.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\ScanWizard 5\ScannerFinder.exe
C:\Programmer\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\uWDF.exe
C:\WINDOWS\system32\uWDF.exe
C:\WINDOWS\system32\uWDF.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\HJTrenamed.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Not Available
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\tremapi.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpywareStopper] C:\Programmer\SpyBlocker Software\SpywareStopper\spywarestopper.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [WireLessMouse] C:\Programmer\Multimedia Mouse\MouseDrv.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series (kopi 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C84 Series (kopi 1)" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [type32] "C:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmer\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [dr_desktop] "C:\Programmer\DR Desktop\DR_DES~1.EXE"
O4 - HKCU\..\Run: [EPSON Stylus C84 Series (kopi 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C84 Series (kopi 1)" /M "Stylus C84" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programmer\Octoshape Streaming Services\Gunnar\OctoshapeClient.exe" -inv:bootrun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Scanner Finder.lnk = C:\Programmer\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Programmer\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145174329281
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\VIRUSfighter\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\VIRUSfighter\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Tremapi - Unknown owner - C:\WINDOWS\tremapi.exe



Comment
From: sandramaria01
Date: 18-06-07 13:45

By the way ... the densim dialer is no longer to be found under Programs, but the icon is on the C drive and is now called u5p4j6y6c.
Still problems keeping a lasting network connection ... a couple of minutes at the very most. In addition, I cannot switch between user accounts. Offhand I cannot figure out what that might be due to?
Bye.

Comment
From: o.v.n.
Date: 18-06-07 14:53

Wait for stl_s to come and help you further

Comment
From: sandramaria01
Date: 18-06-07 14:56

I will do that - many thanks. Bye :)

Comment
From: stl_s
Date: 18-06-07 16:33

Just do this:

To be able to see all files and folders, do this http://www.spywareinfo.dk/#/tip-og-tricks/mappeindstillinger.htm

Then go here http://www.virustotal.com/en/indexf.html

Click Browse, and navigate to this file C:\WINDOWS\tremapi.exe

Select it and click Send. Wait for the result of the scan, and copy the result in here.

Afterwards, go here and scan the file by the same method http://research.sunbelt-software.com/submit.aspx

Click Browse, and when you have navigated to the file and selected it, click Submit sample for analysis.

Here the result is sent by email. In the email field, enter my email, which is admin(at)malwarecheck.dk replace (at) with @

If you get an error when uploading the file, try repeating the procedure in safe mode with NETWORKING.



Comment
From: sandramaria01
Date: 18-06-07 22:09

I am in doubt whether it is the right file I have found(?) It was the only one I could find that looked like it .... and I don't know whether the result of the scan at VirusTotal is complete!? The thing is that it is hard to keep the connection to the internet ... even though my computer, as mentioned, indicates that the connection is up.

File "TREMAPI.EXE-2E01B349.pf" received on 06.18.2007 at 21:50:42 (CET) is being scanned by VirusTotal in this moment. Results will be shown as they're generated.

Antivirus   Version   Update   Result
AhnLab-V3   2007.6.16.0   06.18.2007   no virus found
AntiVir   7.4.0.32   06.18.2007   no virus found
Authentium   4.93.8   06.18.2007   no virus found
Avast   4.7.997.0   06.18.2007   no virus found
AVG   7.5.0.467   06.18.2007   no virus found
BitDefender   7.2   06.18.2007   no virus found
CAT-QuickHeal   9.00   06.18.2007   no virus found
ClamAV   devel-20070416   06.18.2007   no virus found
DrWeb   4.33   06.18.2007   no virus found
eSafe   7.0.15.0   06.17.2007   no virus found
eTrust-Vet   30.7.3726   06.18.2007   no virus found
Ewido   4.0   06.18.2007   no virus found

Aditional Information
File size: 30754 bytes
MD5: 87372be1f19184506f14b3414fd095b8
SHA1: f0122f02cf07328a8fa93ea1afdd6a11819a55bf

Comment
From : stl_s


Date : 18-06-07 22:21

That was the prefetch version you found, and it can't be used. Try once more to see if you can find the real one in Windows.

It's at this path: C:\WINDOWS\tremapi.exe

If you can't, we'll remove it with a backup, as I'm fairly convinced that it is the culprit.

Comment
From : sandramaria01


Date : 18-06-07 22:30

I just can't find it. I really did follow the recipe, but it just wasn't there. So we searched for it and this one came up........

Comment
From : stl_s


Date : 18-06-07 22:38

OK, then away with it, and we'll see whether that solves the problem:

Download Avenger to the desktop from here:
http://swandog46.geekstogo.com/avenger.exe

1. Double-click avenger.exe

2. Select "Input Script Manually" and click the magnifying glass - a small window now appears, into which you copy the content between the dashed lines:

-----------------------------


Files to delete:
C:\WINDOWS\tremapi.exe


-----------------------------

3. Click the traffic light in Avenger. The program will prompt you to restart the computer immediately, which you should do. The program will shut down your computer, delete the files and start the computer again.

4. After the restart a Notepad window will appear with a log of Avenger's actions. Please post it in your next reply, together with a fresh HijackThis log.


Comment
From : sandramaria01


Date : 18-06-07 23:06

After the restart a Notepad window does appear, but it is blank, and in front of it a smaller window has opened saying that the file avenger.txt was not found. I'm asked whether I want to create a new file...yes-no-cancel. What do you think is required?

Comment
From : stl_s


Date : 18-06-07 23:07

Just try restarting, and post a fresh HijackThis log.

Comment
From : sandramaria01


Date : 18-06-07 23:09

Here it comes:

Logfile of HijackThis v1.99.1
Scan saved at 23:12:30, on 18-06-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
C:\VIRUSfighter\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\SpyBlocker Software\SpywareStopper\spywarestopper.exe
C:\Programmer\Picasa2\PicasaMediaDetector.exe
C:\Programmer\Multimedia Mouse\MouseDrv.exe
C:\Programmer\Microsoft IntelliType Pro\type32.exe
C:\Programmer\Microsoft IntelliPoint\point32.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\vsnpstd3.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\VIRUSfighter\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmer\ScanWizard 5\ScannerFinder.exe
C:\Programmer\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\VIRUSfighter\Nvc\BIN\NIP.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\tremapi.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
C:\VIRUSfighter\Nvc\bin\nvcoas.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\VIRUSfighter\Nvc\bin\cclaw.exe
C:\Programmer\HJTrenamed.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Not Available
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\tremapi.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpywareStopper] C:\Programmer\SpyBlocker Software\SpywareStopper\spywarestopper.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [WireLessMouse] C:\Programmer\Multimedia Mouse\MouseDrv.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series (kopi 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C84 Series (kopi 1)" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [type32] "C:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmer\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [dr_desktop] "C:\Programmer\DR Desktop\DR_DES~1.EXE"
O4 - HKCU\..\Run: [EPSON Stylus C84 Series (kopi 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C84 Series (kopi 1)" /M "Stylus C84" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programmer\Octoshape Streaming Services\Gunnar\OctoshapeClient.exe" -inv:bootrun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Scanner Finder.lnk = C:\Programmer\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Programmer\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145174329281
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\VIRUSfighter\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\VIRUSfighter\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Tremapi - Unknown owner - C:\WINDOWS\tremapi.exe


Comment
From : sandramaria01


Date : 18-06-07 23:11

Once more. I forgot to restart...

Comment
From : sandramaria01


Date : 18-06-07 23:14

Here comes a completely fresh one :)

Logfile of HijackThis v1.99.1
Scan saved at 23:17:03, on 18-06-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
C:\VIRUSfighter\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\tremapi.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\SpyBlocker Software\SpywareStopper\spywarestopper.exe
C:\Programmer\Picasa2\PicasaMediaDetector.exe
C:\Programmer\Multimedia Mouse\MouseDrv.exe
C:\Programmer\Microsoft IntelliType Pro\type32.exe
C:\Programmer\Microsoft IntelliPoint\point32.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\vsnpstd3.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\VIRUSfighter\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\ScanWizard 5\ScannerFinder.exe
C:\Programmer\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\VIRUSfighter\Nvc\BIN\NIP.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
C:\VIRUSfighter\Nvc\bin\nvcoas.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\VIRUSfighter\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmer\HJTrenamed.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Not Available
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\tremapi.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpywareStopper] C:\Programmer\SpyBlocker Software\SpywareStopper\spywarestopper.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [WireLessMouse] C:\Programmer\Multimedia Mouse\MouseDrv.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series (kopi 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C84 Series (kopi 1)" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [type32] "C:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmer\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [dr_desktop] "C:\Programmer\DR Desktop\DR_DES~1.EXE"
O4 - HKCU\..\Run: [EPSON Stylus C84 Series (kopi 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C84 Series (kopi 1)" /M "Stylus C84" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programmer\Octoshape Streaming Services\Gunnar\OctoshapeClient.exe" -inv:bootrun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Scanner Finder.lnk = C:\Programmer\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Programmer\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145174329281
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\VIRUSfighter\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\VIRUSfighter\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Tremapi - Unknown owner - C:\WINDOWS\tremapi.exe
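
An added example, not part of the thread and not HijackThis's own logic: a small triage script that cross-references the sections of a log like the one above and ranks executables by how many independent places reference them. The function names, the `%WINDIR%` expansion and the scoring are assumptions made for illustration; the sample lines are copied from the posted log and trimmed.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis log posted above, trimmed.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.exe
C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
C:\WINDOWS\tremapi.exe
C:\Programmer\HJTrenamed.exe

F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\tremapi.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\VIRUSfighter\Npm\Bin\Zanda.exe
O23 - Service: Tremapi - Unknown owner - C:\WINDOWS\tremapi.exe
"""

# Assumption: %WINDIR% is C:\WINDOWS, as the process list in the log suggests.
WINDIR = r"C:\WINDOWS"

F2_SHELL = re.compile(r"F2 - REG:system\.ini: Shell=(.*)", re.I)
O23_UNKNOWN = re.compile(r"O23 - Service: (.+?) - Unknown owner - (.+)")


def norm(path):
    """Case-insensitive key for a Windows path, with %WINDIR% expanded."""
    path = path.strip().strip('"')
    path = re.sub(r"%windir%", lambda m: WINDIR, path, flags=re.I)
    return path.lower()


def triage(log):
    """Rank executables by the number of log sections that reference them."""
    running = set()
    findings = defaultdict(list)   # normalised path -> list of reasons
    orphaned = []                  # unknown-owner services whose file is gone
    in_procs = False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                running.add(norm(line))
            else:
                in_procs = False   # blank line ends the process list
            continue
        m = F2_SHELL.match(line)
        if m:
            # The stock value is Explorer.exe alone; anything after it is
            # launched at every logon. Simplification: split on whitespace,
            # so extra entries containing spaces are not handled.
            for extra in m.group(1).split()[1:]:
                findings[norm(extra)].append("extra program in Shell value (F2)")
            continue
        m = O23_UNKNOWN.match(line)
        if m:
            name, target = m.group(1), m.group(2)
            if target.endswith("(file missing)"):
                orphaned.append(name)
            else:
                findings[norm(target)].append("service with unknown owner (O23)")
    for path, reasons in findings.items():
        if path in running:
            reasons.append("running process")
    ranked = sorted(findings.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return {"ranked": ranked, "orphaned": orphaned}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path, reasons in result["ranked"]:
        print(len(reasons), path, "<-", "; ".join(reasons))
    print("orphaned services:", result["orphaned"])
```

On the sample, NJEEVES.EXE also carries "Unknown owner" but has no shell reference, while tremapi.exe is referenced from the Shell value, a service and the process list at once; the thread only acts on tremapi.exe.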



Comment
From : stl_s


Date : 19-06-07 00:02

OK, we'll try another tool.

Download OldTimer's OTMoveIt to the desktop from here: http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Run OTMoveIt.exe by double-clicking it.

Copy the line below into the window on the left, "Paste List of Files/Folders to be Moved".


C:\WINDOWS\tremapi.exe


Then click the red MoveIt! button.

If the program asks you to restart the PC, click Yes.

When the procedure has completed, please copy the result from the right-hand window, "Results", in here.

Alternatively, open the folder C:\_OTMoveIt, open the folder MovedFiles, find the txt file in it, and copy that in instead.



Comment
From : sandramaria01


Date : 19-06-07 00:09

C:\WINDOWS\tremapi.exe moved successfully.

Created on 06-19-2007 00:12:47


Comment
From : stl_s


Date : 19-06-07 00:55

That looks good.

Now please run steps 1-2 and 5 from here: http://www.malwarecheck.dk/forum/viewtopic.php?t=11

Please copy the scanners' logs in here afterwards.

You'll find the one from SuperAntiSpyware under Statistics/Logs. Double-click to open the log.

Also post a fresh HijackThis log.

Has the condition improved now?



Comment
From : stl_s


Date : 19-06-07 01:14

And now something has turned up on Google which tells us that this file really IS the new variant of Delsim Dialer: http://www.virushelp.org/PNphpBB2-viewtopic-p-11734.html

But do scan your machine thoroughly with Ewido and SuperAntiSpyware anyway.

Comment
From : sandramaria01


Date : 19-06-07 09:55

Here comes the first one



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/19/2007 at 09:51 AM

Application Version : 3.8.1002

Core Rules Database Version : 3257
Trace Rules Database Version: 1268

Scan type : Complete Scan
Total Scan Time : 00:50:51

Memory items scanned : 497
Memory threats detected : 0
Registry items scanned : 6411
Registry threats detected : 0
File items scanned : 44260
File threats detected : 130

Adware.Tracking Cookie
   C:\Documents and Settings\Gunnar\Cookies\gunnar@adserver.banneradministration[1].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@adserver.banneradministration[2].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@adserver.banneradministration[4].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@adtech[1].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@adtech[2].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@adtech[4].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@advertising[1].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@advertising[2].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@advertising[3].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@advertising[4].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@as-us.falkag[2].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@as1.falkag[1].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@as1.falkag[2].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@as1.falkag[3].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@as1.falkag[4].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@as1.falkag[5].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@as1.falkag[6].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@bannere.fyens[10].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@bannere.fyens[11].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@bannere.fyens[12].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@bannere.fyens[1].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@bannere.fyens[2].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@bannere.fyens[3].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@bannere.fyens[4].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@bannere.fyens[5].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@bannere.fyens[6].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@bannere.fyens[7].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@bannere.fyens[8].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@bannere.fyens[9].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@e2.emediate[1].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@ehg-dig.hitbox[1].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@indextools[2].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@partners.adultadworld[1].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@servedby.advertising[2].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@servedby.advertising[3].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@track.adform[2].txt
   C:\Documents and Settings\Gunnar\Cookies\gunnar@track.adform[3].txt
   C:\Documents and Settings\maribel\Cookies\maribel@2o7[1].txt
   C:\Documents and Settings\maribel\Cookies\maribel@2o7[3].txt
   C:\Documents and Settings\maribel\Cookies\maribel@ad.yieldmanager[2].txt
   C:\Documents and Settings\maribel\Cookies\maribel@ad1.emediate[1].txt
   C:\Documents and Settings\maribel\Cookies\maribel@ads.pointroll[1].txt
   C:\Documents and Settings\maribel\Cookies\maribel@ads.pointroll[2].txt
   C:\Documents and Settings\maribel\Cookies\maribel@ads2.jubii[1].txt
   C:\Documents and Settings\maribel\Cookies\maribel@adserver.banneradministration[2].txt
   C:\Documents and Settings\maribel\Cookies\maribel@adtech[2].txt
   C:\Documents and Settings\maribel\Cookies\maribel@advertising[2].txt
   C:\Documents and Settings\maribel\Cookies\maribel@as1.falkag[1].txt
   C:\Documents and Settings\maribel\Cookies\maribel@atdmt[2].txt
   C:\Documents and Settings\maribel\Cookies\maribel@atwola[1].txt
   C:\Documents and Settings\maribel\Cookies\maribel@bannere.fyens[2].txt
   C:\Documents and Settings\maribel\Cookies\maribel@bs.serving-sys[2].txt
   C:\Documents and Settings\maribel\Cookies\maribel@casalemedia[1].txt
   C:\Documents and Settings\maribel\Cookies\maribel@doubleclick[1].txt
   C:\Documents and Settings\maribel\Cookies\maribel@e2.emediate[2].txt
   C:\Documents and Settings\maribel\Cookies\maribel@edge.ru4[1].txt
   C:\Documents and Settings\maribel\Cookies\maribel@ehg-dig.hitbox[10].txt
   C:\Documents and Settings\maribel\Cookies\maribel@ehg-dig.hitbox[11].txt
   C:\Documents and Settings\maribel\Cookies\maribel@ehg-dig.hitbox[12].txt
   C:\Documents and Settings\maribel\Cookies\maribel@ehg-dig.hitbox[13].txt
   C:\Documents and Settings\maribel\Cookies\maribel@ehg-dig.hitbox[14].txt
   C:\Documents and Settings\maribel\Cookies\maribel@ehg-dig.hitbox[16].txt
   C:\Documents and Settings\maribel\Cookies\maribel@ehg-dig.hitbox[1].txt
   C:\Documents and Settings\maribel\Cookies\maribel@ehg-dig.hitbox[2].txt
   C:\Documents and Settings\maribel\Cookies\maribel@ehg-dig.hitbox[3].txt
   C:\Documents and Settings\maribel\Cookies\maribel@ehg-dig.hitbox[4].txt
   C:\Documents and Settings\maribel\Cookies\maribel@ehg-dig.hitbox[5].txt
   C:\Documents and Settings\maribel\Cookies\maribel@ehg-dig.hitbox[6].txt
   C:\Documents and Settings\maribel\Cookies\maribel@ehg-dig.hitbox[7].txt
   C:\Documents and Settings\maribel\Cookies\maribel@ehg-dig.hitbox[8].txt
   C:\Documents and Settings\maribel\Cookies\maribel@ehg-dig.hitbox[9].txt
   C:\Documents and Settings\maribel\Cookies\maribel@ehg-hasbro.hitbox[1].txt
   C:\Documents and Settings\maribel\Cookies\maribel@ehg-ifilm.hitbox[2].txt
   C:\Documents and Settings\maribel\Cookies\maribel@ehg-ubisoft.hitbox[2].txt
   C:\Documents and Settings\maribel\Cookies\maribel@fastclick[2].txt
   C:\Documents and Settings\maribel\Cookies\maribel@hitbox[1].txt
   C:\Documents and Settings\maribel\Cookies\maribel@hitbox[2].txt
   C:\Documents and Settings\maribel\Cookies\maribel@ilead.itrack[1].txt
   C:\Documents and Settings\maribel\Cookies\maribel@image.masterstats[1].txt
   C:\Documents and Settings\maribel\Cookies\maribel@indexstats[1].txt
   C:\Documents and Settings\maribel\Cookies\maribel@media.fastclick[1].txt
   C:\Documents and Settings\maribel\Cookies\maribel@mediaplex[1].txt
   C:\Documents and Settings\maribel\Cookies\maribel@microsoftwga.112.2o7[1].txt
   C:\Documents and Settings\maribel\Cookies\maribel@questionmarket[1].txt
   C:\Documents and Settings\maribel\Cookies\maribel@questionmarket[3].txt
   C:\Documents and Settings\maribel\Cookies\maribel@realmedia[2].txt
   C:\Documents and Settings\maribel\Cookies\maribel@s.as-us.falkag[1].txt
   C:\Documents and Settings\maribel\Cookies\maribel@server.iad.liveperson[2].txt
   C:\Documents and Settings\maribel\Cookies\maribel@serving-sys[2].txt
   C:\Documents and Settings\maribel\Cookies\maribel@serving-sys[3].txt
   C:\Documents and Settings\maribel\Cookies\maribel@statcounter[2].txt
   C:\Documents and Settings\maribel\Cookies\maribel@tacoda[1].txt
   C:\Documents and Settings\maribel\Cookies\maribel@track.adform[1].txt
   C:\Documents and Settings\maribel\Cookies\maribel@tradedoubler[2].txt
   C:\Documents and Settings\maribel\Cookies\maribel@www.macromedia[1].txt
   C:\Documents and Settings\sandra\Cookies\sandra@adfarm1.adition[1].txt
   C:\Documents and Settings\sandra\Cookies\sandra@ads.arto[1].txt
   C:\Documents and Settings\sandra\Cookies\sandra@ads.freeway[2].txt
   C:\Documents and Settings\sandra\Cookies\sandra@adserver.banneradministration[1].txt
   C:\Documents and Settings\sandra\Cookies\sandra@adserver.banneradministration[2].txt
   C:\Documents and Settings\sandra\Cookies\sandra@adserver.banneradministration[3].txt
   C:\Documents and Settings\sandra\Cookies\sandra@adserver.banneradministration[4].txt
   C:\Documents and Settings\sandra\Cookies\sandra@adserver.banneradministration[5].txt
   C:\Documents and Settings\sandra\Cookies\sandra@adserver.banneradministration[6].txt
   C:\Documents and Settings\sandra\Cookies\sandra@adserver.banneradministration[7].txt
   C:\Documents and Settings\sandra\Cookies\sandra@adserver.banneradministration[9].txt
   C:\Documents and Settings\sandra\Cookies\sandra@adtech[2].txt
   C:\Documents and Settings\sandra\Cookies\sandra@advertising[1].txt
   C:\Documents and Settings\sandra\Cookies\sandra@atdmt[2].txt
   C:\Documents and Settings\sandra\Cookies\sandra@bannere.fyens[2].txt
   C:\Documents and Settings\sandra\Cookies\sandra@bs.serving-sys[1].txt
   C:\Documents and Settings\sandra\Cookies\sandra@casalemedia[2].txt
   C:\Documents and Settings\sandra\Cookies\sandra@doubleclick[1].txt
   C:\Documents and Settings\sandra\Cookies\sandra@e2.emediate[2].txt
   C:\Documents and Settings\sandra\Cookies\sandra@ehg-hitent.hitbox[1].txt
   C:\Documents and Settings\sandra\Cookies\sandra@ehg-lhs.hitbox[1].txt
   C:\Documents and Settings\sandra\Cookies\sandra@h.starware[1].txt
   C:\Documents and Settings\sandra\Cookies\sandra@hitbox[1].txt
   C:\Documents and Settings\sandra\Cookies\sandra@mediaplex[2].txt
   C:\Documents and Settings\sandra\Cookies\sandra@msnportal.112.2o7[1].txt
   C:\Documents and Settings\sandra\Cookies\sandra@questionmarket[2].txt
   C:\Documents and Settings\sandra\Cookies\sandra@serving-sys[2].txt
   C:\Documents and Settings\sandra\Cookies\sandra@serving-sys[3].txt
   C:\Documents and Settings\sandra\Cookies\sandra@statcounter[2].txt
   C:\Documents and Settings\sandra\Cookies\sandra@track.adform[1].txt
   C:\Documents and Settings\sandra\Cookies\sandra@track.adform[2].txt
   C:\Documents and Settings\sandra\Cookies\sandra@tradedoubler[2].txt
   C:\Documents and Settings\sandra\Cookies\sandra@tribalfusion[2].txt
   C:\Documents and Settings\sandra\Cookies\sandra@try.starware[1].txt
   C:\Documents and Settings\sandra\Lokale indstillinger\Temp\Cookies\sandra@adserver.banneradministration[1].txt


Comment
From : stl_s


Date : 19-06-07 10:09

That looks fine, it only found tracking cookies.

Once you have scanned with Ewido, let's do one last check with this tool:

Download ComboFix and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run combofix.exe and follow the instructions in the window.

You should not click on the window while the tool is running, as that can make your computer freeze.
When ComboFix is finished, and after it has restarted, a log file should open: combofix.txt, which can be found here: C:\combofix.txt

Also post a fresh HijackThis log.

I'll look at it all when I get home from work this afternoon.

Comment
From : sandramaria01


Date : 19-06-07 11:49

ComboFix 07-06-18.2 - C:\Documents and Settings\Gunnar\Skrivebord\ComboFix.exe
"Gunnar" - 2007-06-19 11:45:49 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-19 to 2007-06-19 )))))))))))))))))))))))))))))))


2007-06-19 11:42   49,152   --a------   C:\WINDOWS\nircmd.exe
2007-06-19 08:54   <DIR>   d--------   C:\Programmer\SUPERAntiSpyware
2007-06-19 08:54   <DIR>   d--------   C:\DOCUME~1\Gunnar\APPLIC~1\SUPERAntiSpyware.com
2007-06-19 08:54   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-17 21:25   218,112   --a------   C:\Programmer\HJTrenamed.exe
2007-06-16 11:27   <DIR>   d--------   C:\DOCUME~1\LOCALS~1\Menuen Start
2007-06-16 11:25   17,464   --a------   C:\WINDOWS\system32\drivers\nvcw32mf.sys
2007-06-14 21:34   <DIR>   d--h-----   C:\Programmer\F‘lles filer\delsim
2007-06-13 15:40   <DIR>   d--------   C:\travolta


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-19 09:30:07   --------   d--h--w   C:\Programmer\Fælles filer\delsim
2007-06-19 06:53:33   --------   d-----w   C:\Programmer\Fælles filer\Wise Installation Wizard
2007-06-18 07:10:24   --------   d-----w   C:\Programmer\Viewpoint
2007-06-16 09:18:40   --------   d-----w   C:\Programmer\Fælles filer\Symantec Shared
2007-06-14 19:34:27   --------   d-----w   C:\Programmer\Fælles filer
2007-06-14 09:10:31   --------   d-----w   C:\Programmer\Picasa2
2007-06-14 06:50:33   --------   d--h--w   C:\Programmer\InstallShield Installation Information
2007-06-14 06:49:10   --------   d-----w   C:\Programmer\Fælles filer\XCPCSync.OEM
2007-06-14 06:49:10   --------   d-----w   C:\DOCUME~1\Gunnar\APPLIC~1\XCPCSync.OEM
2007-06-13 21:50:52   --------   d-----w   C:\Programmer\Fælles filer\System
2007-06-12 12:40:06   --------   d-----w   C:\Programmer\Pixeline
2007-06-11 14:01:49   63,482   ----a-w   C:\WINDOWS\system32\perfc006.dat
2007-06-11 14:01:49   397,806   ----a-w   C:\WINDOWS\system32\perfh006.dat
2007-06-02 11:14:01   --------   d-----w   C:\Programmer\Mozilla Thunderbird
2007-05-30 20:49:06   --------   d-----w   C:\DOCUME~1\Gunnar\APPLIC~1\Ahead
2007-05-17 15:59:39   --------   d-----w   C:\Programmer\Magnus & Myggen - Quizkampen 2
2007-05-16 15:14:25   683,520   ------w   C:\WINDOWS\system32\inetcomm.dll
2007-05-15 19:32:08   --------   d-----w   C:\DOCUME~1\Gunnar\APPLIC~1\Skype
2007-05-13 08:27:32   --------   d-----w   C:\Programmer\Jul i Valhal
2007-05-13 08:27:23   --------   d-----w   C:\Programmer\Peddersen og Findus
2007-05-13 08:25:52   --------   d-----w   C:\Programmer\THQ
2007-05-13 08:22:08   --------   d-----w   C:\Programmer\Octoshape Streaming Services
2007-05-13 08:18:26   --------   d-----w   C:\DOCUME~1\Gunnar\APPLIC~1\SPAMfighter
2007-05-10 22:14:12   --------   d-----w   C:\Programmer\Microsoft CAPICOM 2.1.0.2
2007-05-10 17:47:23   --------   d-----w   C:\Programmer\ScanWizard 5
2007-05-03 08:05:40   --------   d-----w   C:\Programmer\Skype
2007-05-03 08:05:40   --------   d-----w   C:\Programmer\Fælles filer\Skype
2007-05-02 13:19:13   43,520   ----a-w   C:\WINDOWS\system32\CmdLineExt03.dll
2007-04-25 14:22:43   144,896   ------w   C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:26   2,854,400   ----a-w   C:\WINDOWS\system32\msi.dll
2007-04-03 08:25:41   796,672   -c--a-w   C:\WINDOWS\GPInstall.exe
2007-04-03 08:21:56   1,438,298   ----a-w   C:\Programmer\Klient_install.exe
2007-04-02 08:36:12   221,856,440   ----a-w   C:\Programmer\PaintShopPro1120_EN_DE_FR_ES_IT_NL_CORELTBYB_ESD.exe
2007-03-21 07:52:12   5,804,616   ----a-w   C:\Programmer\Firefox Setup 2.0.0.3.exe
2006-07-24 11:00:29   104   --sh--r   C:\WINDOWS\system32\5F7507F86D.sys
2006-07-24 11:00:35   3,350   --sha-w   C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll []
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\programmer\google\googletoolbar3.dll [2007-01-20 00:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2003-08-20 05:56 C:\WINDOWS\system32\VTTimer.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 10:31 C:\WINDOWS\SOUNDMAN.EXE]
"RemoteControl"="C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"SpywareStopper"="C:\Programmer\SpyBlocker Software\SpywareStopper\spywarestopper.exe" [2004-09-19 16:52]
"Picasa Media Detector"="C:\Programmer\Picasa2\PicasaMediaDetector.exe" [2005-10-06 04:31]
"WireLessMouse"="C:\Programmer\Multimedia Mouse\MouseDrv.exe" [2005-06-30 14:48]
"type32"="C:\Programmer\Microsoft IntelliType Pro\type32.exe" [2004-06-03 10:51]
"IntelliPoint"="C:\Programmer\Microsoft IntelliPoint\point32.exe" [2004-06-03 10:50]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"Norman ZANDA"="C:\VIRUSfighter\Npm\bin\ZLH.exe" [2007-04-27 13:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 17:53]
"NBJ"="C:\Programmer\Ahead\Nero BackItUp\NBJ.exe" [2005-04-08 18:43]
"dr_desktop"="C:\Programmer\DR Desktop\DR_DES~1.EXE" []
"EPSON Stylus C84 Series (kopi 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2003-05-27 06:08]
"EPSON Stylus C84 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2003-05-27 06:08]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-24 10:59]
"updateMgr"="C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"Octoshape Streaming Services"="C:\Programmer\Octoshape Streaming Services\Gunnar\OctoshapeClient.exe" []
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-05-23 10:12]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Programmer\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72f69e63-17dc-11dc-aaa6-00018058d6b1}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe


Contents of the 'Scheduled Tasks' folder
2007-06-15 09:45:45 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-19 11:49:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus C84 Series (kopi 1) = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C84 Series (kopi 1)" /M "Stylus C84" /EF "HKCU"??%?4?????A????????????Y7~????????????????|????????????????????Y7~????|???????????8???????????X?8~????|???????j?8~|??????????????|???????
EPSON Stylus C84 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"???????A?????_?????E????????????a?w??&?????????????|????????????????????b?w????|???????????8???????????h??w????|???????z??w|???????????)??|???????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-19 11:50:19

   --- E O F ---


Comment
From : sandramaria01


Date : 19-06-07 11:53

I failed to capture the log from Ewido ... and now I'm not quite sure whether/where I can find it?

Comment
From : sandramaria01


Date : 19-06-07 11:54

Logfile of HijackThis v1.99.1
Scan saved at 11:57:29, on 19-06-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
C:\VIRUSfighter\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
C:\VIRUSfighter\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\SpyBlocker Software\SpywareStopper\spywarestopper.exe
C:\Programmer\Picasa2\PicasaMediaDetector.exe
C:\Programmer\Multimedia Mouse\MouseDrv.exe
C:\Programmer\Microsoft IntelliType Pro\type32.exe
C:\Programmer\Microsoft IntelliPoint\point32.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\vsnpstd3.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\VIRUSfighter\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\VIRUSfighter\Nvc\BIN\NIP.EXE
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\VIRUSfighter\Nvc\bin\cclaw.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\ScanWizard 5\ScannerFinder.exe
C:\Programmer\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\WINDOWS\system32\uWDF.exe
C:\WINDOWS\system32\uWDF.exe
C:\WINDOWS\system32\uWDF.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\HJTrenamed.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SpywareStopper] C:\Programmer\SpyBlocker Software\SpywareStopper\spywarestopper.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [WireLessMouse] C:\Programmer\Multimedia Mouse\MouseDrv.exe
O4 - HKLM\..\Run: [type32] "C:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmer\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [dr_desktop] "C:\Programmer\DR Desktop\DR_DES~1.EXE"
O4 - HKCU\..\Run: [EPSON Stylus C84 Series (kopi 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C84 Series (kopi 1)" /M "Stylus C84" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programmer\Octoshape Streaming Services\Gunnar\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Scanner Finder.lnk = C:\Programmer\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Programmer\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145174329281
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\VIRUSfighter\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\VIRUSfighter\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Tremapi - Unknown owner - C:\WINDOWS\tremapi.exe (file missing)



Comment
From : sandramaria01


Date : 19-06-07 12:03

And yes, it seems to be working again. Great!
The connection to the net was already OK before I ran steps 1 - 2 & 5 from malwarecheck.

With Ewido I noted that it found more than 500 of medium risk and 11 of high risk, several of them with the name densim.dialer ... which were all then removed.

I have a couple of additional questions, but perhaps we can take those once you have looked at the latest log files!?! Bye for now :)

Comment
From : stl_s


Date : 19-06-07 17:47

Never mind the Ewido log, I have seen what I need to see.

There is just a little more that needs to be cleared away:


Go to Start/Run -> Type cmd and click OK. In the black window, type sc delete CLTNetCnService and press the <enter> key.


Go to Start/Run -> Type services.msc and find this service: Tremapi

Double-click it and make sure it is stopped. Then set its Startup type to Disabled. Click Apply and OK all the way out.



Then do this:

1. Click "Start" - Select "Search".

2. Click the link "Change preferences".

3. Click "Change files and folders search behavior"

4. Select "Advanced" and click OK.

5. Click "All files and folders"

6. Click "More advanced options"
Tick the top three boxes.


Click "All files and folders". Use the top search box to search for Delsim, Symantec, Norton, and Viewpoint, and delete what you find.


Tip: if you paste in this line, it will find them all in the same search:

Delsim;Symantec;Norton;Viewpoint


Do you recognize this one yourself -> C:\travolta If not, delete it.


The junk has also made a few changes to the registry, and they can be fixed with Dial-A-Fix.

Download Dial-A-Fix here, and unpack it to the desktop http://www.softpedia.com/get/System/System-Miscellaneous/Dial-a-fix.shtml

Open the folder and run Dial-A-Fix (the blue "cogwheel").

If the "Restrictive policies" window now opens, untick "hide disabled policies", click "Rescan", and click Remove. Close the window.

Now click the little hammer at the bottom of the window (tools). At the top of the window that now opens, you will find "Remove restrictions"; select the line and click GO. Wait until it is finished. Close Dial-A-Fix, restart the machine, and post a fresh HijackThis log.

Then we are close to the finish line.
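
The two services handled in the post above are the ones the 11:57 HijackThis log marks "(file missing)". As an added example (not part of the original thread, and not HijackThis's own code), this sketch flags such orphaned entries and compares them against the 23:04 log to see which are gone; the function names are hypothetical and the sample lines are excerpts of the logs posted in this thread.

```python
import re

# Constructed samples: O-lines excerpted from the two HijackThis logs in this thread.
BEFORE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
O23 - Service: Tremapi - Unknown owner - C:\WINDOWS\tremapi.exe (file missing)
"""
AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # e.g. "O23 - Service: ..."
ORPHAN = re.compile(r"\((file missing|no file)\)\s*$")    # HijackThis's own markers
SERVICE = re.compile(r"^Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_entries(log):
    """Return (section, body) for each 'Xn - ...' line; headers and the
    running-process list do not match the pattern and are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def entry_key(section, body):
    """Stable identifier for an entry: the service short name for O23
    (the name 'sc' expects), the CLSID where one is present, else the body."""
    if section == "O23":
        m = SERVICE.match(body)
        if m:
            short = re.search(r"\(([^()]+)\)$", m.group("display"))
            return short.group(1) if short else m.group("display")
    clsid = CLSID.search(body)
    return clsid.group(0) if clsid else body


def orphaned(log):
    """Keys of entries whose target file HijackThis could not find."""
    return [entry_key(s, b) for s, b in parse_entries(log) if ORPHAN.search(b)]


def compare(before, after):
    """Split the orphaned entries of 'before' into (resolved, remaining)."""
    still = set(orphaned(after))
    was = orphaned(before)
    resolved = [k for k in was if k not in still]
    remaining = [k for k in was if k in still]
    return resolved, remaining


if __name__ == "__main__":
    resolved, remaining = compare(BEFORE, AFTER)
    print("no longer listed:", resolved)
    print("still listed:   ", remaining)
```

An entry that disappears from the log is only no longer reported by HijackThis; the comparison does not say whether it was deleted or merely disabled.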

Comment
From : stl_s


Date : 19-06-07 19:40

"Remove restrictions" <- The last-mentioned one here should have been "Repair permissions", sorry.

Comment
From : sandramaria01


Date : 19-06-07 20:35

I haven't managed to download dial-a-fix ... nothing really happens when I click ...

Comment
From : stl_s


Date : 19-06-07 21:05
Comment
From : sandramaria01


Date : 19-06-07 23:01

Logfile of HijackThis v1.99.1
Scan saved at 23:04:01, on 19-06-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
C:\VIRUSfighter\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
C:\VIRUSfighter\Nvc\bin\nvcoas.exe
C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\SpyBlocker Software\SpywareStopper\spywarestopper.exe
C:\Programmer\Picasa2\PicasaMediaDetector.exe
C:\Programmer\Multimedia Mouse\MouseDrv.exe
C:\Programmer\Microsoft IntelliType Pro\type32.exe
C:\Programmer\Microsoft IntelliPoint\point32.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\VIRUSfighter\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\VIRUSfighter\Nvc\BIN\NIP.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\VIRUSfighter\Nvc\bin\cclaw.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\ScanWizard 5\ScannerFinder.exe
C:\Programmer\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Programmer\HJTrenamed.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SpywareStopper] C:\Programmer\SpyBlocker Software\SpywareStopper\spywarestopper.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [WireLessMouse] C:\Programmer\Multimedia Mouse\MouseDrv.exe
O4 - HKLM\..\Run: [type32] "C:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmer\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [dr_desktop] "C:\Programmer\DR Desktop\DR_DES~1.EXE"
O4 - HKCU\..\Run: [EPSON Stylus C84 Series (kopi 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C84 Series (kopi 1)" /M "Stylus C84" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programmer\Octoshape Streaming Services\Gunnar\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Scanner Finder.lnk = C:\Programmer\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Programmer\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145174329281
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\VIRUSfighter\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\VIRUSfighter\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE



Comment
From : stl_s


Date : 19-06-07 23:10

It looks fine.

Just run steps 5 and 6 here, then it should be in order http://www.malwarecheck.dk/forum/viewtopic.php?t=11

Comment
From : sandramaria01


Date : 19-06-07 23:30

That's done too :)
Would you say it's OK now?

Comment
From : stl_s


Date : 19-06-07 23:33

Yes, it looks like it is completely gone.

Comment
From : sandramaria01


Date : 19-06-07 23:47

Great! I'm really glad about that - now I can finish preparing for my very last exam before I complete my studies.
You have been an invaluable help and I am deeply grateful to you - many thanks!

Comment
From : stl_s


Date : 19-06-07 23:51

Good that it worked out.

You had some additional questions?

Comment
From : stl_s


Date : 19-06-07 23:56

Btw, you can delete the tools now. SDFix, OTMoveit, and Avenger also have folders on the C drive.

Comment
From : sandramaria01


Date : 20-06-07 00:37

Most of the questions seem to have answered themselves along the way anyway ... but my husband had a couple of questions, I think, so he will probably get back to you tomorrow ... if that's OK with you, that is!?
Bye :)

Comment
From : stl_s


Date : 20-06-07 00:38

He is welcome


Comment
From : vil.du


Date : 20-06-07 01:54

You are just so skilled, stl_s - I am impressed, and by your patience with us ordinary mortals
You are worth your weight in gold to all of us
I have followed the thread and have become more and more impressed!

Good luck with your exam, sandra



Comment
From : sandramaria01


Date : 20-06-07 10:27

Many thanks.
Bye.

Comment
From : stl_s


Date : 20-06-07 14:43

Thank you so much for the beautiful words, vil.du

Comment
From : sandramaria01


Date : 20-06-07 15:49

Are there any special precautions we should take going forward? What would you recommend for protection? The virus came suddenly Thursday evening, without us sitting at the computer. What do you think? Regards, Sandra's carpenter husband.

Accepted answer
From : stl_s

Received 80 points
Date : 20-06-07 15:59

These days you easily risk nasty things dropping down from the net that antivirus doesn't catch. You can see my general advice for preventing that in this tip http://www.kandu.dk/Tip16068.aspx

Comment
From : Jrod


Date : 29-06-07 14:19

Is there anything better than Experts in this area? I think stl_s does a huge job, and so does Team Spywarefri.dk

HURRAY for you. You really are some aces..

Keep up the good work.


Comment
From : sandramaria01


Date : 29-06-07 14:56

Yes, aren't they fantastic. They really ought to be remembered by Santa Claus.

Comment
From : o.v.n.


Date : 29-06-07 15:11

sandramaria01, you can be Santa Claus and give stl_s his well-deserved points by clicking Accept in the one of stl_s's posts that solved your problem

Approval of answer
From : sandramaria01


Date : 29-06-07 18:34

Thanks for the answer, stl_s. Oh, so that's how you do it, oops....I would also like to give away points, how do I do that

Comment
From : sandramaria01


Date : 29-06-07 18:38

Oh, now I can see that points are on the way, ah... Thanks O.V.N. for the broad hint

Comment
From : sandramaria01


Date : 29-06-07 18:46

First time I'm using this forum ... and I was so preoccupied with my computer problems that I didn't quite pay attention to the details :)
Sorry(!) - the help is definitely invaluable.
Bye.

Comment
From : stl_s


Date : 03-07-07 11:34

Thanks for the "roses", everyone
