Zlob, smitfraud, pop-ups, rød tapet ændringer

**guccijana** · #1 28. sep 2007, 17:13

Mit navn er Tatjana og im desperate for at få hjælp, prøvet næsten alle virusscanning outthere, men ingen held. Jeg har forsøgt at hente smitfraud fix, men det kunne ikke være safed fordi kilde kunne ikke findes "eller" ukendt fejl ".. samme nøjagtige problem som denne fyr" og jeg bliver ved med at få dumme pop ups siger min pc er under trussel via proceslinjen / værktøjslinjen, og et stort rødt kryds blinker på proceslinjen og min baggrund på skrivebordet ændringer til en rød baggrund en stor symbol billedet, og Norton cant se denne, en af pop op bobler fra proceslinjen / værktøjslinjen siger sin trojan32.looksky, og også min hjemmeside på IE er ændret til ucleaner.com, ultimative renere 2007, whicjh er en falsk spyware ting scanner / rensemidler "
behage hjælp mig!
min log

Logfile af HijackThis v1.99.1
Scan gemt på 7:26:18 PM, den 9/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Kørende processer:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ brsvc01a.exe
C: \ WINDOWS \ system32 \ brss01a.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Programmer \ Intel \ Intel Application Accelerator \ iaanotif.exe
C: \ Programmer \ Intel \ Modem Event Monitor \ IntelMEM.exe
C: \ Programmer \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Programmer \ Dell \ Media Experience \ PCMService.exe
C: \ Programmer \ Cyberlink \ PowerDVD \ DVDLauncher.exe
C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
C: \ Programmer \ BroadJump \ Client Foundation \ CFD.exe
C: \ Programmer \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe
C: \ Programmer \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe
C: \ Programmer \ Yahoo! \ Antivirus \ CAVTray.exe
C: \ Programmer \ Yahoo! \ Antivirus \ CAVRID.exe
C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ yop.exe
C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_FATIA JA.EXE
C: \ Programmer \ QuickTime \ QTTask.exe
C: \ Programmer \ iTunes \ iTunesHelper.exe
C: \ Programmer \ Webroot \ Spy Sweeper \ SpySweeperUI.exe
C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Messen ~ 1 \ ymsgr_tray.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ycommon.exe
C: \ Programmer \ APC \ APC PowerChute Personal Edition \ apcsystray.exe
C: \ Programmer \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe
C: \ Programmer \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe
C: \ PROGRA ~ 1 \ FÆLLES ~ 1 \ AOL \ ACS \ acsd.exe
C: \ Programmer \ APC \ APC PowerChute Personal Edition \ mainserv.exe
C: \ Programmer \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Programmer \ Yahoo! \ Antivirus \ ISafe.exe
C: \ Programmer \ CIFPFiltering \ CIFPLogAggregator.exe
C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
C: \ Programmer \ CIFPFiltering \ FilterService.exe
C: \ Programmer \ Intel \ Intel Application Accelerator \ iaantmon.exe
C: \ Programmer \ Common Files \ LightScribe \ LSSrvc.exe
c: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcvsrte.exe
C: \ Programmer \ Eset \ nod32krn.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Tablet.exe
C: \ Programmer \ Yahoo! \ Antivirus \ VetMsg.exe
C: \ WINDOWS \ wanmpsvc.exe
C: \ Programmer \ Webroot \ Spy Sweeper \ SpySweeper.exe
C: \ WINDOWS \ system32 \ MsPMSPSv.exe
C: \ Programmer \ iPod \ bin \ iPodService.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ Programmer \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Programmer \ Webroot \ Spy Sweeper \ SSU.EXE
C: \ WINDOWS \ explorer.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrowser.exe
C: \ Programmer \ Hijackthis \ HijackThis.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyServer = 127.0.0.1:8080
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = lokale
N3 - Netscape 7: user_pref ( "browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C: \ Documents and Settings \ Tatjana Blazevic \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js)
N3 - Netscape 7: user_pref ( "browser.search.defaultengine", "motor: / / C% 3A% 5CPROGRA% 7E1% 5CNETSCAPE% 5CNETSCAPE% 5Csearchpl ugins% 5CSBWeb_01.src"); (C: \ Documents and Settings \ Tatjana BLAZEVIC \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programmer \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
O2 - BHO: UberButton Class - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Programmer \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ WINDOWS \ system32 \ dla \ tfswshx.dll
O2 - BHO: YahooTaggedBM Class - (65D886A2-7CA7-479B-BB95-14D1EFB7946A) - C: \ Programmer \ Yahoo! \ Common \ YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D) - C: \ Programmer \ Yahoo! \ Browser \ YSidebarIEBHO.dll
O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file)
O3 - Toolbar: McAfee VirusScan - (BA52B914-B692-46c4-B683-905236F6F655) - c: \ progra ~ 1 \ mcafee.com \ VSO \ mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Programmer \ Yahoo! \ Companion \ Installerer \ CPN \ yt.dll
O4 - HKLM \ .. \ Run: [IAAnotif] "C: \ Programmer \ Intel \ Intel Application Accelerator \ iaanotif.exe"
O4 - HKLM \ .. \ Run: [ATIPTA] "C: \ Programmer \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe"
O4 - HKLM \ .. \ Run: [IntelMeM] "C: \ Programmer \ Intel \ Modem Event Monitor \ IntelMEM.exe"
O4 - HKLM \ .. \ Run: [CTSysVol] "C: \ Programmer \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe" / r
O4 - HKLM \ .. \ Run: [P17Helper] rundll32 P17.dll, P17Helper
O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [PCMService] "C: \ Programmer \ Dell \ Media Experience \ PCMService.exe"
O4 - HKLM \ .. \ Run: [DVDLauncher] "C: \ Programmer \ Cyberlink \ PowerDVD \ DVDLauncher.exe"
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Programmer \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [dla] C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [BJCFD] "C: \ Programmer \ BroadJump \ Client Foundation \ CFD.exe"
O4 - HKLM \ .. \ Run: [VSOCheckTask] "c: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcmnhdlr.exe" / checktask
O4 - HKLM \ .. \ Run: [VirusScan Online] c: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcvsshld.exe
O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Programmer \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe"
O4 - HKLM \ .. \ Run: [ymetray] "C: \ Programmer \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe"
O4 - HKLM \ .. \ Run: [CaAvTray] "C: \ Programmer \ Yahoo! \ Antivirus \ CAVTray.exe"
O4 - HKLM \ .. \ Run: [CAVRID] "C: \ Programmer \ Yahoo! \ Antivirus \ CAVRID.exe"
O4 - HKLM \ .. \ Run: [YOP] "C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ yop.exe" / autostart
O4 - HKLM \ .. \ Run: [Epson Stylus Photo R340 Series] "C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_FATI AJA.EXE" / P30 "Epson Stylus Photo R340 Series" / O6 "USB002 "/ M" Stylus Photo R340 "
O4 - HKLM \ .. \ Run: [nod32kui] "C: \ Programmer \ Eset \ nod32kui.exe" / WAITSERVICE
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programmer \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programmer \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SpySweeper] "C: \ Programmer \ Webroot \ Spy Sweeper \ SpySweeperUI.exe" / startintray
O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ PROGRA ~ 1 \ Yahoo! \ Messen ~ 1 \ ypager.exe"-quiet
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] "C: \ Programmer \ Spybot - Search & Destroy \ TeaTimer.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C: \ Programmer \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Programmer \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C: \ Programmer \ America Online 9.0 \ aoltray.exe
O4 - Global Startup: APC UPS Status.lnk =?
O4 - Global Startup: ColorVisionStartup.lnk = C: \ Programmer \ PANTONE COLORVISION \ Startup \ ColorVisionStartup.exe
O4 - Global Startup: TabUserW.exe.lnk = C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe
O9 - Ekstra knap: SBC Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Programmer \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra knappen: (no name) - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - (no file)
O9 - Ekstra knap: Musicmatch MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (filen mangler)
O9 - Ekstra knap: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O16 - DPF: (9A9307A0-7DA4-4DAF-B042-5009F29E09E1) (ActiveScan Installer Class) -- http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: (DBA230D1-8467-4e69-987E-5FAE815A3B45) --
O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C: \ WINDOWS \ SYSTEM32 \ WRLogonNTF.dll
O21 - SSODL: MSSQL - (9516DDA8-E023-4472-A7C0-12A7A4834359) - C: \ WINDOWS \ mssql.dll
O21 - SSODL: syscore - (D5B03680-8880-4BC8-80A4-C9BAC2A7A341) - C: \ WINDOWS \ syscore.dll
O21 - SSODL: msmhost - (69F3A520-2471-4FF3-8139-ECFD56DED8DB) - C: \ WINDOWS \ msmhost.dll
O21 - SSODL: msmdev - (E8E8584D-8FA5-4641-A934-8A93158794E9) - C: \ WINDOWS \ msmdev.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Ukendt ejer - C: \ Programmer \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Ukendt ejer - C: \ Programmer \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe
O23 - Service: AOL Tilslutningsmuligheder Service (AOL ACS) - America Online, Inc. - C: \ PROGRA ~ 1 \ FÆLLES ~ 1 \ AOL \ ACS \ acsd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C: \ Programmer \ APC \ APC PowerChute Personal Edition \ mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Programmer \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati Genvejstast Poller - Unknown ejer - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: BrSplService (Brother XP SPL Service) - brother Industries Ltd - C: \ WINDOWS \ system32 \ brsvc01a.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C: \ Programmer \ Yahoo! \ Antivirus \ ISafe.exe
O23 - Service: CIFPLogAggregator - Ukendt ejer - C: \ Programmer \ CIFPFiltering \ CIFPLogAggregator.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
O23 - Service: CyclopeInternetFilter - Ukendt ejer - C: \ Programmer \ CIFPFiltering \ FilterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C: \ Programmer \ Intel \ Intel Application Accelerator \ iaantmon.exe
O23 - Service: InstallDriver Tabel Manager (IDriverT) - Macrovision Corporation - C: \ Programmer \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Programmer \ iPod \ bin \ iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown ejer - C: \ Programmer \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown ejer - c: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcvsrte.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C: \ Programmer \ Eset \ nod32krn.exe
O23 - Service: TabletService - Wacom Technology, Corp - C: \ WINDOWS \ system32 \ Tablet.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C: \ Programmer \ Yahoo! \ Antivirus \ VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C: \ WINDOWS \ wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C: \ Programmer \ Webroot \ Spy Sweeper \ SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C: \ WINDOWS \ SYSTEM32 \ YPCSER ~ 1.EXE

**evilfantasy** · #2 28. sep 2007, 17:55

Hi Tatjana, velkommen til TCF.

* Vigtig *
Omdøb Hijackthis.exe fil til Analyze.exe. Det er vigtigt, fordi nogle nye former for malware kan skjule fra HijackThis.exe. Højreklik på HijackThis.exe fil i C: \ Programmer \ HijackThis og vælg Omdøb. Skriv Analyze.exe og tryk på Enter-tasten.
Højreklik på Analyze.exe fil og sende den til skrivebordet for at oprette en genvej.
============================
Det ser ud som om du har mere end én Antivirus installeret. I bekræftende fald bedes du gå til tilføj / fjern programmer og fjerne alle undtagen én.
Under mere end en antivirus er unødvendig og kan medføre konflikter.
============================
Deaktiver Spybot's TeaTimer.
Mens TeaTimer er et fremragende værktøj til forebyggelse af spyware, kan det nogle gange forhindre, at vores redskaber fra om fastsættelse af visse ting.
Deaktiver TeaTimer for nu, indtil du er rene. TeaTimer kan aktiveres igen, når din logs er rene.
* Open Spybot Search & Destroy.
* I Mode-menuen skal du klikke på "Avanceret tilstand"Hvis det ikke allerede er valgt.
* Vælg "Ja"På Advarsel prompten.
* Udvid "Værktøj"Menu.
* Klik på "Resident".
* Fjern markeringen i "Resident "TeaTimer" (Beskyttelse af det samlede system indstillinger) aktiv."Box.
* I menuen Filer skal du klikke på "Afslut"For at afslutte Spybot Search & Destroy.
+ Du kan genaktivere TeaTimer når vi er færdig.
=============================
Please download ATF Cleaner ved Atribune. Dette vil hjælpe nogen scanner køre hurtigere. ATF Cleaner.exe Dette program kræver ingen installation. Den eksekverbare faktisk kører programmet.

BEMÆRK: ATF Cleaner vil fjerne alle filer fra de punkter, der er kontrolleret, så hvis du har nogle cookies, du ønsker at gemme. Skal du flytte dem til en anden mappe først.
* Dobbeltklik på ATF-Cleaner.exe for at køre programmet.
* Under Main vælge: Vælg Alle
* Klik på Tomme Udvalgte knappen.

Hvis du bruger Firefox browser
* Klik Firefox øverst og vælge: Vælg Alle
* Klik på Tom Valgte knap.
BEMÆRK: Hvis du gerne vil holde dine gemte adgangskoder, skal du klikke Nej ved prompten.

Hvis du bruger Opera browser
* Klik på Opera øverst og vælge: Vælg Alle
* Klik på Tomme Udvalgte knappen.
BEMÆRK: Hvis du gerne vil holde dine gemte adgangskoder, skal du klikke Nej ved prompten.

Klik på Afslut om de vigtigste ATF Cleaner menuen for at lukke programmet.
===============================
1. Hent denne fil combofix.exe
2. Dobbeltklik combofix.exe & følg instruktionerne.
3. Når du er færdig, skal den udarbejde en log for dig. Post at logge på din næste svar.

Bemærk:
Må ikke mouseclick combofix vindue mens det kører. Det kan få det til at stå.
=====================================

I den næste post tilføjes:
Combofix log
En frisk og omdøbt HijackThis log

**evilfantasy** · #3 28. sep 2007, 18:31

Også:
Lad mig vide, hvordan tingene er nu.

**guccijana** · #4 29. sep 2007, 22:23

Hi evilfantasy-thx for hurtigt svar .. min computer kører meget langsomt, og det tog timer udstationering denne .. Jeg gjorde, hvad du fortalte mig, at afinstalleres antivirus-NOD32, spysweeper og Yahoo online beskyttelse ..

Jeg gav combofix log og her er hijackthis log.

Logfile af HijackThis v1.99.1
Scan gemt på 1:11:41 AM, den 9/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Kørende processer:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ brss01a.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ Explorer.EXE
C: \ Programmer \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe
C: \ Programmer \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe
C: \ PROGRA ~ 1 \ FÆLLES ~ 1 \ AOL \ ACS \ acsd.exe
C: \ Programmer \ APC \ APC PowerChute Personal Edition \ mainserv.exe
C: \ Programmer \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Programmer \ CIFPFiltering \ CIFPLogAggregator.exe
C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
C: \ Programmer \ CIFPFiltering \ FilterService.exe
C: \ Programmer \ Intel \ Intel Application Accelerator \ iaantmon.exe
C: \ Programmer \ Common Files \ LightScribe \ LSSrvc.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Tablet.exe
C: \ WINDOWS \ wanmpsvc.exe
C: \ WINDOWS \ system32 \ MsPMSPSv.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ Programmer \ Intel \ Intel Application Accelerator \ iaanotif.exe
C: \ Programmer \ Intel \ Modem Event Monitor \ IntelMEM.exe
C: \ Programmer \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Programmer \ Dell \ Media Experience \ PCMService.exe
C: \ Programmer \ Cyberlink \ PowerDVD \ DVDLauncher.exe
C: \ Programmer \ Common Files \ Sonic \ Update Manager \ sgtray.exe
C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
C: \ Programmer \ BroadJump \ Client Foundation \ CFD.exe
C: \ Programmer \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe
C: \ Programmer \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ycommon.exe
C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_FATIA JA.EXE
C: \ Programmer \ QuickTime \ QTTask.exe
C: \ Programmer \ iTunes \ iTunesHelper.exe
C: \ Programmer \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe
C: \ Programmer \ APC \ APC PowerChute Personal Edition \ apcsystray.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Messen ~ 1 \ ymsgr_tray.exe
C: \ Programmer \ iPod \ bin \ iPodService.exe
C: \ Programmer \ HijackThis \ Analyze.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyServer = 127.0.0.1:8080
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = lokale
N3 - Netscape 7: user_pref ( "browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C: \ Documents and Settings \ Tatjana Blazevic \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js)
N3 - Netscape 7: user_pref ( "browser.search.defaultengine", "motor: / / C% 3A% 5CPROGRA% 7E1% 5CNETSCAPE% 5CNETSCAPE% 5Csearchpl ugins% 5CSBWeb_01.src"); (C: \ Documents and Settings \ Tatjana BLAZEVIC \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programmer \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
O2 - BHO: UberButton Class - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Programmer \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ WINDOWS \ system32 \ dla \ tfswshx.dll
O2 - BHO: YahooTaggedBM Class - (65D886A2-7CA7-479B-BB95-14D1EFB7946A) - C: \ Programmer \ Yahoo! \ Common \ YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D) - C: \ Programmer \ Yahoo! \ Browser \ YSidebarIEBHO.dll
O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file)
O3 - Toolbar: McAfee VirusScan - (BA52B914-B692-46c4-B683-905236F6F655) - c: \ progra ~ 1 \ mcafee.com \ VSO \ mcvsshl.dll
O4 - HKLM \ .. \ Run: [IAAnotif] "C: \ Programmer \ Intel \ Intel Application Accelerator \ iaanotif.exe"
O4 - HKLM \ .. \ Run: [ATIPTA] "C: \ Programmer \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe"
O4 - HKLM \ .. \ Run: [IntelMeM] "C: \ Programmer \ Intel \ Modem Event Monitor \ IntelMEM.exe"
O4 - HKLM \ .. \ Run: [CTSysVol] "C: \ Programmer \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe" / r
O4 - HKLM \ .. \ Run: [P17Helper] rundll32 P17.dll, P17Helper
O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [PCMService] "C: \ Programmer \ Dell \ Media Experience \ PCMService.exe"
O4 - HKLM \ .. \ Run: [DVDLauncher] "C: \ Programmer \ Cyberlink \ PowerDVD \ DVDLauncher.exe"
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Programmer \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [dla] C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [BJCFD] "C: \ Programmer \ BroadJump \ Client Foundation \ CFD.exe"
O4 - HKLM \ .. \ Run: [VSOCheckTask] "c: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcmnhdlr.exe" / checktask
O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Programmer \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe"
O4 - HKLM \ .. \ Run: [ymetray] "C: \ Programmer \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe"
O4 - HKLM \ .. \ Run: [Epson Stylus Photo R340 Series] "C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_FATI AJA.EXE" / P30 "Epson Stylus Photo R340 Series" / O6 "USB002 "/ M" Stylus Photo R340 "
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programmer \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programmer \ iTunes \ iTunesHelper.exe"
O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ PROGRA ~ 1 \ Yahoo! \ Messen ~ 1 \ ypager.exe"-quiet
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Programmer \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C: \ Programmer \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Programmer \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C: \ Programmer \ America Online 9.0 \ aoltray.exe
O4 - Global Startup: APC UPS Status.lnk =?
O4 - Global Startup: ColorVisionStartup.lnk = C: \ Programmer \ PANTONE COLORVISION \ Startup \ ColorVisionStartup.exe
O4 - Global Startup: TabUserW.exe.lnk = C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe
O9 - Ekstra knap: SBC Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Programmer \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra knappen: (no name) - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - (no file)
O9 - Ekstra knap: Musicmatch MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (filen mangler)
O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Ekstra knap: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O16 - DPF: (9A9307A0-7DA4-4DAF-B042-5009F29E09E1) (ActiveScan Installer Class) -- http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: (DBA230D1-8467-4e69-987E-5FAE815A3B45) --
O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll
O21 - SSODL: MSSQL - (9516DDA8-E023-4472-A7C0-12A7A4834359) - C: \ WINDOWS \ mssql.dll
O21 - SSODL: syscore - (D5B03680-8880-4BC8-80A4-C9BAC2A7A341) - C: \ WINDOWS \ syscore.dll
O21 - SSODL: msmdev - (074897B2-6CAF-45A4-905A-C5A5FC626767) - C: \ WINDOWS \ msmdev.dll (filen mangler)
O21 - SSODL: msmhost - (70D6A632-39E2-4089-9E67-552ADB6B182D) - C: \ WINDOWS \ msmhost.dll (filen mangler)
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Ukendt ejer - C: \ Programmer \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Ukendt ejer - C: \ Programmer \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe
O23 - Service: AOL Tilslutningsmuligheder Service (AOL ACS) - America Online, Inc. - C: \ PROGRA ~ 1 \ FÆLLES ~ 1 \ AOL \ ACS \ acsd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C: \ Programmer \ APC \ APC PowerChute Personal Edition \ mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Programmer \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati Genvejstast Poller - Unknown ejer - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: BrSplService (Brother XP SPL Service) - brother Industries Ltd - C: \ WINDOWS \ system32 \ brsvc01a.exe
O23 - Service: CIFPLogAggregator - Ukendt ejer - C: \ Programmer \ CIFPFiltering \ CIFPLogAggregator.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
O23 - Service: CyclopeInternetFilter - Ukendt ejer - C: \ Programmer \ CIFPFiltering \ FilterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C: \ Programmer \ Intel \ Intel Application Accelerator \ iaantmon.exe
O23 - Service: InstallDriver Tabel Manager (IDriverT) - Macrovision Corporation - C: \ Programmer \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Programmer \ iPod \ bin \ iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown ejer - C: \ Programmer \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown ejer - c: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcvsrte.exe
O23 - Service: TabletService - Wacom Technology, Corp - C: \ WINDOWS \ system32 \ Tablet.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C: \ WINDOWS \ wanmpsvc.exe

**evilfantasy** · #5 30. sep 2007, 00:49

Åbn HijackThis og vælg "Må en systemscanning kun"Og anbringe en markering ved siden af disse poster.
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file)
O9 - Extra knappen: (no name) - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - (no file)
O9 - Ekstra knap: Musicmatch MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (filen mangler)
O16 - DPF: (DBA230D1-8467-4e69-987E-5FAE815A3B45) --
Luk alle browservinduer herunder denne en og klik derefter på "Fix kontrolleres"
Genstart computeren, og skriv en frisk HijackThis log.

Fortæl mig, hvordan tingene er nu.

**guccijana** · #6 30. sep 2007, 08:16

helllo, ahh min computer til sidst ikke har den irriterende vinduer popper op advarsler, og de tre virusscanning ikoner, der blev installeret på computeren er også væk, yeeeah ..

Udseende alt er tilbage til normal, den røde baggrund er også væk. Her er loggen.

Logfile af HijackThis v1.99.1
Scan gemt kl 11:03:37 den 9/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Kørende processer:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ system32 \ brss01a.exe
C: \ WINDOWS \ Explorer.EXE
C: \ Programmer \ Intel \ Intel Application Accelerator \ iaanotif.exe
C: \ Programmer \ Intel \ Modem Event Monitor \ IntelMEM.exe
C: \ Programmer \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Programmer \ Dell \ Media Experience \ PCMService.exe
C: \ Programmer \ Cyberlink \ PowerDVD \ DVDLauncher.exe
C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
C: \ Programmer \ BroadJump \ Client Foundation \ CFD.exe
C: \ Programmer \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ycommon.exe
C: \ Programmer \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe
C: \ Programmer \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe
C: \ Programmer \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe
C: \ PROGRA ~ 1 \ FÆLLES ~ 1 \ AOL \ ACS \ acsd.exe
C: \ Programmer \ APC \ APC PowerChute Personal Edition \ mainserv.exe
C: \ Programmer \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Programmer \ CIFPFiltering \ CIFPLogAggregator.exe
C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
C: \ Programmer \ CIFPFiltering \ FilterService.exe
C: \ Programmer \ Intel \ Intel Application Accelerator \ iaantmon.exe
C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_FATIA JA.EXE
C: \ Programmer \ Common Files \ LightScribe \ LSSrvc.exe
C: \ Programmer \ QuickTime \ QTTask.exe
C: \ Programmer \ iTunes \ iTunesHelper.exe
C: \ Programmer \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Tablet.exe
C: \ WINDOWS \ wanmpsvc.exe
C: \ WINDOWS \ system32 \ MsPMSPSv.exe
C: \ Programmer \ APC \ APC PowerChute Personal Edition \ apcsystray.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ Programmer \ iPod \ bin \ iPodService.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Programmer \ Mozilla Firefox \ firefox.exe
C: \ Programmer \ HijackThis \ Analyze.exe

R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyServer = 127.0.0.1:8080
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = lokale
N3 - Netscape 7: user_pref ( "browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C: \ Documents and Settings \ Tatjana Blazevic \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js)
N3 - Netscape 7: user_pref ( "browser.search.defaultengine", "motor: / / C% 3A% 5CPROGRA% 7E1% 5CNETSCAPE% 5CNETSCAPE% 5Csearchpl ugins% 5CSBWeb_01.src"); (C: \ Documents and Settings \ Tatjana BLAZEVIC \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programmer \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: MSVPS System - (0D5227BF-0C5B-4EA8-833C-FE09F1496F39) - C: \ WINDOWS \ div32.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
O2 - BHO: UberButton Class - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Programmer \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ WINDOWS \ system32 \ dla \ tfswshx.dll
O2 - BHO: YahooTaggedBM Class - (65D886A2-7CA7-479B-BB95-14D1EFB7946A) - C: \ Programmer \ Yahoo! \ Common \ YIeTagBm.dll
O2 - BHO: MSVPS System - (88418AA3-16F5-4FC2-A9D8-90B1266DF841) - C: \ WINDOWS \ nsduo.dll
O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D) - C: \ Programmer \ Yahoo! \ Browser \ YSidebarIEBHO.dll
O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file)
O3 - Toolbar: McAfee VirusScan - (BA52B914-B692-46c4-B683-905236F6F655) - c: \ progra ~ 1 \ mcafee.com \ VSO \ mcvsshl.dll
O4 - HKLM \ .. \ Run: [IAAnotif] "C: \ Programmer \ Intel \ Intel Application Accelerator \ iaanotif.exe"
O4 - HKLM \ .. \ Run: [ATIPTA] "C: \ Programmer \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe"
O4 - HKLM \ .. \ Run: [IntelMeM] "C: \ Programmer \ Intel \ Modem Event Monitor \ IntelMEM.exe"
O4 - HKLM \ .. \ Run: [CTSysVol] "C: \ Programmer \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe" / r
O4 - HKLM \ .. \ Run: [P17Helper] rundll32 P17.dll, P17Helper
O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [PCMService] "C: \ Programmer \ Dell \ Media Experience \ PCMService.exe"
O4 - HKLM \ .. \ Run: [DVDLauncher] "C: \ Programmer \ Cyberlink \ PowerDVD \ DVDLauncher.exe"
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Programmer \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [dla] C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [BJCFD] "C: \ Programmer \ BroadJump \ Client Foundation \ CFD.exe"
O4 - HKLM \ .. \ Run: [VSOCheckTask] "c: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcmnhdlr.exe" / checktask
O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Programmer \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe"
O4 - HKLM \ .. \ Run: [ymetray] "C: \ Programmer \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe"
O4 - HKLM \ .. \ Run: [Epson Stylus Photo R340 Series] "C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_FATI AJA.EXE" / P30 "Epson Stylus Photo R340 Series" / O6 "USB002 "/ M" Stylus Photo R340 "
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programmer \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programmer \ iTunes \ iTunesHelper.exe"
O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ PROGRA ~ 1 \ Yahoo! \ Messen ~ 1 \ ypager.exe"-quiet
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Programmer \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C: \ Programmer \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Programmer \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C: \ Programmer \ America Online 9.0 \ aoltray.exe
O4 - Global Startup: APC UPS Status.lnk =?
O4 - Global Startup: ColorVisionStartup.lnk = C: \ Programmer \ PANTONE COLORVISION \ Startup \ ColorVisionStartup.exe
O4 - Global Startup: TabUserW.exe.lnk = C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe
O9 - Ekstra knap: SBC Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Programmer \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Ekstra knap: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O16 - DPF: (9A9307A0-7DA4-4DAF-B042-5009F29E09E1) (ActiveScan Installer Class) -- http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: (DBA230D1-8467-4e69-987E-5FAE815A3B45) --
O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll
O21 - SSODL: msmhost - (70D6A632-39E2-4089-9E67-552ADB6B182D) - C: \ WINDOWS \ msmhost.dll
O21 - SSODL: MSSQL - (A6B63875-F4DA-4705-B945-16F8C1FA3FBF) - C: \ WINDOWS \ mssql.dll
O21 - SSODL: syscore - (AF05D607-D0B5-4A61-8B71-A13F8997495B) - C: \ WINDOWS \ syscore.dll
O21 - SSODL: msmdev - (074897B2-6CAF-45A4-905A-C5A5FC626767) - C: \ WINDOWS \ msmdev.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Ukendt ejer - C: \ Programmer \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Ukendt ejer - C: \ Programmer \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe
O23 - Service: AOL Tilslutningsmuligheder Service (AOL ACS) - America Online, Inc. - C: \ PROGRA ~ 1 \ FÆLLES ~ 1 \ AOL \ ACS \ acsd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C: \ Programmer \ APC \ APC PowerChute Personal Edition \ mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Programmer \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati Genvejstast Poller - Unknown ejer - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: BrSplService (Brother XP SPL Service) - brother Industries Ltd - C: \ WINDOWS \ system32 \ brsvc01a.exe
O23 - Service: CIFPLogAggregator - Ukendt ejer - C: \ Programmer \ CIFPFiltering \ CIFPLogAggregator.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
O23 - Service: CyclopeInternetFilter - Ukendt ejer - C: \ Programmer \ CIFPFiltering \ FilterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C: \ Programmer \ Intel \ Intel Application Accelerator \ iaantmon.exe
O23 - Service: InstallDriver Tabel Manager (IDriverT) - Macrovision Corporation - C: \ Programmer \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Programmer \ iPod \ bin \ iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown ejer - C: \ Programmer \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown ejer - c: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcvsrte.exe
O23 - Service: TabletService - Wacom Technology, Corp - C: \ WINDOWS \ system32 \ Tablet.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C: \ WINDOWS \ wanmpsvc.exe

**evilfantasy** · #7 30. sep 2007, 08:35

Glad tingene bedre. Men der er stadig nogle nasties at løse.

Slet kopi af Combofix du har og download en ny kopi.
Combofix opdateringer hele tiden så det er altid godt at få en ny kopi.

1. Hent denne fil combofix.exe
2. Dobbeltklik combofix.exe & følg instruktionerne.
3. Når du er færdig, skal den udarbejde en log for dig. Post at logge på din næste svar.

Bemærk:
Må ikke mouseclick combofix vindue mens det kører. Det kan få det til at stå.

I den næste post tilføjes som vedhæftede filer. Du kan tilføje mere end en vedhæftet fil, bare gentage trin:
Combofix log
Friske HJT log

**guccijana** · #8 30. sep 2007, 09:03

Hej, jeg prøvede at klikke på combofix.exe link, men dette er hvad der kom op
404 Not Found

Den anmodede webadresse '/ Subs / combofix.exe' blev ikke fundet på denne server.

**evilfantasy** · #9 30. sep 2007, 09:12

Tak. Jeg har revideret min link.

Her er en god download. Combofix.exe

**guccijana** · #10 30. sep 2007, 12:50

Hej, ja, at linket fungerer, tak ... den røde baggrund kom tilbage: (og heller ikonerne og pop ups .. anyway her er combofix og HJT log.

Logfile af HijackThis v1.99.1
Scan gemt på 3:37:03 PM, den 9/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Kørende processer:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ system32 \ brss01a.exe
C: \ WINDOWS \ Explorer.EXE
C: \ Programmer \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe
C: \ Programmer \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe
C: \ PROGRA ~ 1 \ FÆLLES ~ 1 \ AOL \ ACS \ acsd.exe
C: \ Programmer \ APC \ APC PowerChute Personal Edition \ mainserv.exe
C: \ Programmer \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Programmer \ CIFPFiltering \ CIFPLogAggregator.exe
C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
C: \ Programmer \ CIFPFiltering \ FilterService.exe
C: \ Programmer \ Intel \ Intel Application Accelerator \ iaantmon.exe
C: \ Programmer \ Common Files \ LightScribe \ LSSrvc.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Tablet.exe
C: \ WINDOWS \ wanmpsvc.exe
C: \ WINDOWS \ system32 \ MsPMSPSv.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ Programmer \ Intel \ Intel Application Accelerator \ iaanotif.exe
C: \ Programmer \ Intel \ Modem Event Monitor \ IntelMEM.exe
C: \ Programmer \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Programmer \ Dell \ Media Experience \ PCMService.exe
C: \ Programmer \ Cyberlink \ PowerDVD \ DVDLauncher.exe
C: \ Programmer \ Common Files \ Sonic \ Update Manager \ sgtray.exe
C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
C: \ Programmer \ BroadJump \ Client Foundation \ CFD.exe
C: \ Programmer \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe
C: \ Programmer \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe
C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_FATIA JA.EXE
C: \ Programmer \ QuickTime \ QTTask.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ycommon.exe
C: \ Programmer \ iTunes \ iTunesHelper.exe
C: \ Programmer \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe
C: \ Programmer \ APC \ APC PowerChute Personal Edition \ apcsystray.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Messen ~ 1 \ ymsgr_tray.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Programmer \ iPod \ bin \ iPodService.exe
C: \ Programmer \ HijackThis \ Analyze.exe

R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyServer = 127.0.0.1:8080
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = lokale
N3 - Netscape 7: user_pref ( "browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C: \ Documents and Settings \ Tatjana Blazevic \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js)
N3 - Netscape 7: user_pref ( "browser.search.defaultengine", "motor: / / C% 3A% 5CPROGRA% 7E1% 5CNETSCAPE% 5CNETSCAPE% 5Csearchpl ugins% 5CSBWeb_01.src"); (C: \ Documents and Settings \ Tatjana BLAZEVIC \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programmer \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: MSVPS System - (0D5227BF-0C5B-4EA8-833C-FE09F1496F39) - C: \ WINDOWS \ div32.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
O2 - BHO: UberButton Class - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Programmer \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ WINDOWS \ system32 \ dla \ tfswshx.dll
O2 - BHO: YahooTaggedBM Class - (65D886A2-7CA7-479B-BB95-14D1EFB7946A) - C: \ Programmer \ Yahoo! \ Common \ YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D) - C: \ Programmer \ Yahoo! \ Browser \ YSidebarIEBHO.dll
O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file)
O3 - Toolbar: McAfee VirusScan - (BA52B914-B692-46c4-B683-905236F6F655) - c: \ progra ~ 1 \ mcafee.com \ VSO \ mcvsshl.dll
O4 - HKLM \ .. \ Run: [IAAnotif] "C: \ Programmer \ Intel \ Intel Application Accelerator \ iaanotif.exe"
O4 - HKLM \ .. \ Run: [ATIPTA] "C: \ Programmer \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe"
O4 - HKLM \ .. \ Run: [IntelMeM] "C: \ Programmer \ Intel \ Modem Event Monitor \ IntelMEM.exe"
O4 - HKLM \ .. \ Run: [CTSysVol] "C: \ Programmer \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe" / r
O4 - HKLM \ .. \ Run: [P17Helper] rundll32 P17.dll, P17Helper
O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [PCMService] "C: \ Programmer \ Dell \ Media Experience \ PCMService.exe"
O4 - HKLM \ .. \ Run: [DVDLauncher] "C: \ Programmer \ Cyberlink \ PowerDVD \ DVDLauncher.exe"
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Programmer \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [dla] C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [BJCFD] "C: \ Programmer \ BroadJump \ Client Foundation \ CFD.exe"
O4 - HKLM \ .. \ Run: [VSOCheckTask] "c: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcmnhdlr.exe" / checktask
O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Programmer \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe"
O4 - HKLM \ .. \ Run: [ymetray] "C: \ Programmer \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe"
O4 - HKLM \ .. \ Run: [Epson Stylus Photo R340 Series] "C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_FATI AJA.EXE" / P30 "Epson Stylus Photo R340 Series" / O6 "USB002 "/ M" Stylus Photo R340 "
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programmer \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programmer \ iTunes \ iTunesHelper.exe"
O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ PROGRA ~ 1 \ Yahoo! \ Messen ~ 1 \ ypager.exe"-quiet
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Programmer \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C: \ Programmer \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Programmer \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C: \ Programmer \ America Online 9.0 \ aoltray.exe
O4 - Global Startup: APC UPS Status.lnk =?
O4 - Global Startup: ColorVisionStartup.lnk = C: \ Programmer \ PANTONE COLORVISION \ Startup \ ColorVisionStartup.exe
O4 - Global Startup: TabUserW.exe.lnk = C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe
O9 - Ekstra knap: SBC Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Programmer \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Ekstra knap: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O16 - DPF: (9A9307A0-7DA4-4DAF-B042-5009F29E09E1) (ActiveScan Installer Class) -- http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: (DBA230D1-8467-4e69-987E-5FAE815A3B45) --
O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll
O21 - SSODL: MSSQL - (A6B63875-F4DA-4705-B945-16F8C1FA3FBF) - C: \ WINDOWS \ mssql.dll
O21 - SSODL: syscore - (AF05D607-D0B5-4A61-8B71-A13F8997495B) - C: \ WINDOWS \ syscore.dll
O21 - SSODL: msmhost - (70D6A632-39E2-4089-9E67-552ADB6B182D) - C: \ WINDOWS \ msmhost.dll (filen mangler)
O21 - SSODL: msmdev - (074897B2-6CAF-45A4-905A-C5A5FC626767) - C: \ WINDOWS \ msmdev.dll (filen mangler)
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Ukendt ejer - C: \ Programmer \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Ukendt ejer - C: \ Programmer \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe
O23 - Service: AOL Tilslutningsmuligheder Service (AOL ACS) - America Online, Inc. - C: \ PROGRA ~ 1 \ FÆLLES ~ 1 \ AOL \ ACS \ acsd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C: \ Programmer \ APC \ APC PowerChute Personal Edition \ mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Programmer \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati Genvejstast Poller - Unknown ejer - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: BrSplService (Brother XP SPL Service) - brother Industries Ltd - C: \ WINDOWS \ system32 \ brsvc01a.exe
O23 - Service: CIFPLogAggregator - Ukendt ejer - C: \ Programmer \ CIFPFiltering \ CIFPLogAggregator.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
O23 - Service: CyclopeInternetFilter - Ukendt ejer - C: \ Programmer \ CIFPFiltering \ FilterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C: \ Programmer \ Intel \ Intel Application Accelerator \ iaantmon.exe
O23 - Service: InstallDriver Tabel Manager (IDriverT) - Macrovision Corporation - C: \ Programmer \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Programmer \ iPod \ bin \ iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown ejer - C: \ Programmer \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown ejer - c: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcvsrte.exe
O23 - Service: TabletService - Wacom Technology, Corp - C: \ WINDOWS \ system32 \ Tablet.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C: \ WINDOWS \ wanmpsvc.exe

PS Jeg forsøgte knyttet HJT log, men det ville ikke vedhæfte, sorry!!

Lignende Tråde
Tråd	Thread Starter	Forum	Svar	Last Post
Påvisning af Trojan.Zlob.G - Hastende - Please help!	teenee23	Virus, Spyware & Sikkerhed	14	19 marts 2009 07:45
Hvilke problemer får du med Trojan.Zlob	hopthwoks	Virus, Spyware & Sikkerhed	1	10 marts 2009 11:45
Smitfraud-C Han ønsker ikke at dø!	PlatSpin	Virus, Spyware & Sikkerhed	13	19 august 2008 10:24
Smitfraud Virus	PK28	Virus, Spyware & Sikkerhed	12	5 februar 2008 16:17
Smitfraud-c.msvps	guccijana	Virus, Spyware & Sikkerhed	158	30 januar 2008 20:07