ace22 Beginner
17 April 2005 - 17:51 There are 25 comments and 1 solution

Hijack problems

Hi, I have problems with my PC. I keep getting pop-ups.

I have taken a HijackThis log, hope you can help

Logfile of HijackThis v1.99.1
Scan saved at 17:38:39, on 17-04-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Programmer\WebSpeed Sikkerhedspakke\fswsclds.exe
C:\Programmer\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\Fælles filer\Stardock\TrayServer.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Programmer\Apoint2K\Apoint.exe
C:\Programmer\TOSHIBA\TOSHIBA-programmer\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\S3Tray2.exe
C:\WINDOWS\system32\s3hotkey.exe
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\Programmer\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Xp ting\CursorXP.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\00THotkey.exe
C:\Programmer\Object Desktop\ObjectBar\ObjectBar.exe
C:\Programmer\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
c:\programmer\internet explorer\iexplore.exe
C:\Programmer\Microsoft Office\Office10\EXCEL.EXE
C:\DOCUME~1\Andreas\LOKALE~1\Temp\Temporary Internet Files\Content.IE5\C527C96N\hijackthis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eb.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eb.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_0.dll
O1 - Hosts: 69.50.166.11 google.co.uk
O1 - Hosts: 69.50.166.11 google.es
O1 - Hosts: 69.50.166.11 google.com.au
O1 - Hosts: 69.50.166.14 yahoo.com
O1 - Hosts: 69.50.166.12 www.go.com
O1 - Hosts: 69.50.166.12 go.com
O1 - Hosts: 69.50.166.13 astalavista.com
O1 - Hosts: 69.50.166.13 www.astalavista.com
O1 - Hosts: 69.50.166.13 astalavista.box.sk
O1 - Hosts: 69.50.166.13 cracks.am
O2 - BHO: (no name) - {52C9C687-33DC-43F8-2746-D9409CC8E897} - blank (file missing)
O2 - BHO: (no name) - {B46540F3-AEDC-D833-CF6A-BAD2728A1135} - blank (file missing)
O2 - BHO: (no name) - {D0DC8C8A-8430-B7BD-D8C6-AB565D342EBF} - C:\WINDOWS\system32\cxfldeji.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Programmer\Fælles filer\Stardock\TrayServer.exe"
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Programmer\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Xp ting\CursorXP.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: 00THotkey.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_0.dll
O9 - Extra 'Tools' menuitem: i-Nav Indstillinger - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_0.dll
O15 - Trusted Zone: *.avis.co.uk
O15 - Trusted Zone: *.familieportalen.barneguide.dk
O15 - Trusted Zone: http://www.base1.dk
O15 - Trusted Zone: *.bluebell.dk
O15 - Trusted Zone: http://www.boligsiden.dk
O15 - Trusted Zone: http://www.brock.dk
O15 - Trusted Zone: *.dfdsseaways.com
O15 - Trusted Zone: http://sapdk.pro.dir.dk
O15 - Trusted Zone: http://www.dsb.dk
O15 - Trusted Zone: http://www.dtf-travel.com
O15 - Trusted Zone: *.forsikringsluppen.dk
O15 - Trusted Zone: http://www.freesitetemplates.com
O15 - Trusted Zone: http://www.gmail.com
O15 - Trusted Zone: http://www.google.dk
O15 - Trusted Zone: http://www.hattrick.org
O15 - Trusted Zone: http://*.hattrick.org
O15 - Trusted Zone: http://www.herstal.dk
O15 - Trusted Zone: http://www.home.dk
O15 - Trusted Zone: http://www.ide.dk
O15 - Trusted Zone: http://www.igroups.dk
O15 - Trusted Zone: http://*.isnoop.net
O15 - Trusted Zone: http://love.jubii.dk
O15 - Trusted Zone: http://webmail.kabeltv.dk
O15 - Trusted Zone: http://*.kabeltv.dk
O15 - Trusted Zone: http://www.krak.dk
O15 - Trusted Zone: *.kvindeguiden.dk
O15 - Trusted Zone: http://www.love.dk
O15 - Trusted Zone: http://www.mail.dk
O15 - Trusted Zone: *.list.mixit.dk
O15 - Trusted Zone: http://www.onside.dk
O15 - Trusted Zone: http://www.punkt1.dk
O15 - Trusted Zone: http://www.rejseplanen.dk
O15 - Trusted Zone: *.rejseplanen.dk
O15 - Trusted Zone: http://campaign.scandinavian.net
O15 - Trusted Zone: *.selvhenter.dk
O15 - Trusted Zone: http://www.sexhistorier.dk
O15 - Trusted Zone: *.sonofon.dk
O15 - Trusted Zone: http://www.spamfighter.com
O15 - Trusted Zone: http://webmail.stofanet.dk
O15 - Trusted Zone: *. security.symantec.com
O15 - Trusted Zone: http://security.symantec.com
O15 - Trusted Zone: *.tdc.dk
O15 - Trusted Zone: http://mail.tdconline.dk
O15 - Trusted Zone: http://*.tdconline.dk
O15 - Trusted Zone: http://www.tjeck.dk
O15 - Trusted Zone: http://www.trafikken.dk
O15 - Trusted Zone: *.tuborg.dk
O15 - Trusted Zone: http://damehaandboldmanager.tv2.dk
O15 - Trusted Zone: http://*.tv2.dk
O15 - Trusted Zone: http://nb.blackboard.uni-c.dk
O15 - Trusted Zone: http://www.virtualpromote.com
O15 - Trusted Zone: http://www.walla.com
O15 - Trusted Zone: http://www.wanna-save.com
O15 - Trusted Zone: *.www.jp.dk
O15 - Trusted Zone: http://*.www.su.dk
O15 - Trusted IP range: http://195.41.188.131
O15 - Trusted IP range: http://192.168.2.32
O15 - Trusted IP range: http://192.168.2.33
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} - http://81.19.245.211/speedtest/SpeedTest_2.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skælskør.sail.local
O17 - HKLM\Software\..\Telephony: DomainName = skælskør.sail.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skælskør.sail.local
O20 - Winlogon Notify: MCPClient - C:\WINDOWS\
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\s0pu0a79ed.dll
O20 - Winlogon Notify: WB - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Programmer\WebSpeed Sikkerhedspakke\fswsclds.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Programmer\VeriSign\NAVI\naviagent.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Programmer\Sygate\SPF\smc.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
arlet Junior Master
17 April 2005 - 17:53 #1
checking it now
arlet Junior Master
17 April 2005 - 18:07 #2
Download DelDomains.inf
http://www.mvps.org/winhelp2002/DelDomains.inf

then:

You now need to start fixing:

Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, click Fix checked, then close HijackThis again.
Double-check so that everything is included.


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - ALL

O2 - BHO: (no name) - {52C9C687-33DC-43F8-2746-D9409CC8E897} - blank (file missing)
O2 - BHO: (no name) - {B46540F3-AEDC-D833-CF6A-BAD2728A1135} - blank (file missing)
O2 - BHO: (no name) - {D0DC8C8A-8430-B7BD-D8C6-AB565D342EBF} - C:\WINDOWS\system32\cxfldeji.dll

O15 - ALL

----------------------------------------------------------------------------

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skælskør.sail.local
Just a question. Is it a company in Skælskør? (I come from Skælskør myself)
It must NOT be deleted

--------------------------------------------------------------------------


Download and run Spybot from here: http://www.arlet.dk/spywarescanner.htm
scan the whole computer and delete everything it finds

----------------------------------------------------------

Download and run this scanner from Kaspersky: http://www.spywareinfo.dk/download/mwav.exe
Tick the following: Memory, Startup folders, drive, Registry, System folders and Services.
Select the following: All local drives and Scan all files
And then click Scan Clean
It takes a little over an hour to scan


----------------------------------------------------------

Then restart and post a new log here, so we can see whether we have got it completely clean.
tonnybrandt Beginner
17 April 2005 - 18:58 #3
Arlet > Uhh... those O15 entries. Are you sure the user didn't add them himself?
They don't look particularly dirty in my opinion.
arlet Junior Master
17 April 2005 - 19:00 #4
That went too darn fast there; yes, of course those are ones the user added himself, and of course they should not be fixed.

Thanks, Tonny.
ace22 Beginner
17 April 2005 - 19:24 #5
This is the new log file.
My AVG just reported that it had found a Trojan horse :(

Logfile of HijackThis v1.99.1
Scan saved at 19:22:41, on 17-04-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Programmer\WebSpeed Sikkerhedspakke\fswsclds.exe
C:\Programmer\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\Fælles filer\Stardock\TrayServer.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Programmer\Apoint2K\Apoint.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\S3Tray2.exe
C:\WINDOWS\system32\s3hotkey.exe
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Programmer\Apoint2K\Apntex.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\00THotkey.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Andreas\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\C527C96N\hijackthis[1].exe
C:\Programmer\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eb.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eb.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_0.dll
O1 - Hosts: 69.50.166.14 yahoo.com
O2 - BHO: (no name) - {52C9C687-33DC-43F8-2746-D9409CC8E897} - (no file)
O2 - BHO: (no name) - {B46540F3-AEDC-D833-CF6A-BAD2728A1135} - (no file)
O2 - BHO: (no name) - {D0DC8C8A-8430-B7BD-D8C6-AB565D342EBF} - (no file)
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Programmer\Fælles filer\Stardock\TrayServer.exe"
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Programmer\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Xp ting\CursorXP.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: 00THotkey.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_0.dll
O9 - Extra 'Tools' menuitem: i-Nav Indstillinger - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_0.dll
O15 - Trusted Zone: *.avis.co.uk
O15 - Trusted Zone: *.www.jp.dk
O15 - Trusted Zone: http://*.www.su.dk
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} - http://81.19.245.211/speedtest/SpeedTest_2.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skælskør.sail.local
O17 - HKLM\Software\..\Telephony: DomainName = skælskør.sail.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skælskør.sail.local
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\lvl6093se.dll
O20 - Winlogon Notify: MCPClient - C:\WINDOWS\
O20 - Winlogon Notify: WB - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Programmer\WebSpeed Sikkerhedspakke\fswsclds.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Programmer\VeriSign\NAVI\naviagent.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Programmer\Sygate\SPF\smc.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
arlet Junior Master
17 April 2005 - 19:27 #6
What did the mwav scanner find??

Did AVG say where it had found that horse?
ace22 Beginner
17 April 2005 - 19:30 #7
C:\Documents and settings\Andreas\Lokale indstillinger\temporary Internet Files\ Content.IE5\HR77t10E\Appwrap(1).exe

name: Trojan horse Dropper.Small13.AM
arlet Junior Master
17 April 2005 - 19:33 #8
C:\Documents and settings\Andreas\Lokale indstillinger\temporary Internet Files <- empty the whole folder


then you just need to fix these in HijackThis:
O2 - BHO: (no name) - {52C9C687-33DC-43F8-2746-D9409CC8E897} - (no file)
O2 - BHO: (no name) - {B46540F3-AEDC-D833-CF6A-BAD2728A1135} - (no file)
O2 - BHO: (no name) - {D0DC8C8A-8430-B7BD-D8C6-AB565D342EBF} - (no file)

restart and post a new log
ace22 Beginner
17 April 2005 - 19:50 #9
This is the latest HijackThis log
I don't know whether I am unable to remove
O2 - BHO: (no name) - {52C9C687-33DC-43F8-2746-D9409CC8E897} - (no file)
O2 - BHO: (no name) - {B46540F3-AEDC-D833-CF6A-BAD2728A1135} - (no file)
O2 - BHO: (no name) - {D0DC8C8A-8430-B7BD-D8C6-AB565D342EBF} - (no file)

A Trojan horse has appeared in C:\Documents and settings\Andreas\Lokale indstillinger\temporary Internet Files again

Logfile of HijackThis v1.99.1
Scan saved at 19:46:38, on 17-04-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Programmer\WebSpeed Sikkerhedspakke\fswsclds.exe
C:\Programmer\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Stardock\TrayServer.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Programmer\Apoint2K\Apoint.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\Apoint2K\Apntex.exe
C:\WINDOWS\system32\S3Tray2.exe
C:\WINDOWS\system32\s3hotkey.exe
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\00THotkey.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Andreas\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\C527C96N\hijackthis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eb.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eb.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_0.dll
O1 - Hosts: 69.50.166.14 yahoo.com
O2 - BHO: (no name) - {52C9C687-33DC-43F8-2746-D9409CC8E897} - (no file)
O2 - BHO: (no name) - {B46540F3-AEDC-D833-CF6A-BAD2728A1135} - (no file)
O2 - BHO: (no name) - {D0DC8C8A-8430-B7BD-D8C6-AB565D342EBF} - (no file)
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Programmer\Fælles filer\Stardock\TrayServer.exe"
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Xp ting\CursorXP.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: 00THotkey.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_0.dll
O9 - Extra 'Tools' menuitem: i-Nav Indstillinger - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_0.dll
O15 - Trusted Zone: *.avis.co.uk
O15 - Trusted Zone: *.www.jp.dk
O15 - Trusted Zone: http://*.www.su.dk
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} - http://81.19.245.211/speedtest/SpeedTest_2.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skælskør.sail.local
O17 - HKLM\Software\..\Telephony: DomainName = skælskør.sail.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skælskør.sail.local
O20 - Winlogon Notify: MCPClient - C:\WINDOWS\
O20 - Winlogon Notify: NetCache - C:\WINDOWS\system32\d00mlad11d0.dll
O20 - Winlogon Notify: WB - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Programmer\WebSpeed Sikkerhedspakke\fswsclds.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Programmer\VeriSign\NAVI\naviagent.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Programmer\Sygate\SPF\smc.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
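
The comparison that the helpers do by eye across the three logs above, as an added example that is not part of the original thread or any poster's code: it parses HijackThis entries, groups the O1 hosts-file redirects by IP, and lists O20 Winlogon Notify DLLs that appear in only one scan of the series. The embedded excerpts are copied from the three logs in this thread; all function names are hypothetical.

```python
import re
from collections import defaultdict

# Excerpts (O1 and O20 sections only) copied from the three logs in this
# thread, saved at 17:38, 19:22 and 19:46 on 17-04-2005.
SCANS = [
    r"""
O1 - Hosts: 69.50.166.11 google.co.uk
O1 - Hosts: 69.50.166.11 google.es
O1 - Hosts: 69.50.166.11 google.com.au
O1 - Hosts: 69.50.166.14 yahoo.com
O1 - Hosts: 69.50.166.12 www.go.com
O1 - Hosts: 69.50.166.12 go.com
O1 - Hosts: 69.50.166.13 astalavista.com
O1 - Hosts: 69.50.166.13 www.astalavista.com
O1 - Hosts: 69.50.166.13 astalavista.box.sk
O1 - Hosts: 69.50.166.13 cracks.am
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\s0pu0a79ed.dll
O20 - Winlogon Notify: WB - C:\WINDOWS\
""",
    r"""
O1 - Hosts: 69.50.166.14 yahoo.com
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\lvl6093se.dll
O20 - Winlogon Notify: WB - C:\WINDOWS\
""",
    r"""
O1 - Hosts: 69.50.166.14 yahoo.com
O20 - Winlogon Notify: NetCache - C:\WINDOWS\system32\d00mlad11d0.dll
O20 - Winlogon Notify: WB - C:\WINDOWS\
""",
]

# A HijackThis entry line is "<section code> - <rest>", e.g. "O1 - Hosts: ...".
# Process-list lines such as "C:\WINDOWS\..." do not match and are skipped.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+?)\s*$")
HOSTS = re.compile(r"Hosts:\s+(\S+)\s+(\S+)")
NOTIFY = re.compile(r"Winlogon Notify: (.+?) - (.+)$")


def parse_log(text):
    """Return {section code: set of entry strings} for one log."""
    sections = defaultdict(set)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].add(m.group(2))
    return dict(sections)


def diff_section(old, new, code):
    """Entries of one section that were removed, added or kept between scans."""
    a, b = old.get(code, set()), new.get(code, set())
    return {"removed": sorted(a - b), "added": sorted(b - a), "kept": sorted(a & b)}


def hosts_redirects(log):
    """Group O1 hosts-file overrides by the IP address they point to."""
    by_ip = defaultdict(list)
    for entry in log.get("O1", ()):
        m = HOSTS.match(entry)
        if m:
            by_ip[m.group(1)].append(m.group(2))
    return {ip: sorted(names) for ip, names in by_ip.items()}


def notify_dlls(log):
    """Return {(key name, dll path)} for O20 entries that point at a DLL file."""
    found = set()
    for entry in log.get("O20", ()):
        m = NOTIFY.match(entry)
        if m and m.group(2).lower().endswith(".dll"):
            found.add((m.group(1), m.group(2)))
    return found


def rotating_notify(logs):
    """O20 DLL entries seen in exactly one scan: the name changed between scans."""
    seen = defaultdict(int)
    for log in logs:
        for item in notify_dlls(log):
            seen[item] += 1
    return sorted(item for item, count in seen.items() if count == 1)


if __name__ == "__main__":
    logs = [parse_log(s) for s in SCANS]
    for ip, names in sorted(hosts_redirects(logs[0]).items()):
        print(f"hosts redirect {ip}: {', '.join(names)}")
    print("O1 entry that survived the first fix:", diff_section(logs[0], logs[1], "O1")["kept"])
    for name, path in rotating_notify(logs):
        print(f"O20 entry present in one scan only: {name} -> {path}")
```
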
ace22 Beginner
17 April 2005 - 22:05 #10
Just scanned my computer with Kaspersky; phew, it doesn't look good

File C:\WINDOWS\icont.exe tagged as not-a-virus:AdWare.AdURL.c. No Action Taken.
File C:\WINDOWS\system32\guard.tmp tagged as not-a-virus:AdWare.Look2Me.ab. No Action Taken.
File C:\WINDOWS\system32\asi3duag.dll tagged as not-a-virus:AdWare.Look2Me.ab. No Action Taken.
File C:\WINDOWS\system32\tQpi3.dll tagged as not-a-virus:AdWare.Look2Me.ab. No Action Taken.
File C:\WINDOWS\system32\k8260ifse8260.dll tagged as not-a-virus:AdWare.Look2Me.ab. No Action Taken.
File C:\WINDOWS\system32\azesearch2.ocx tagged as not-a-virus:AdWare.ToolBar.Azesearch.b. No Action Taken.
File C:\WINDOWS\system32\h4j40e1qeh.dll tagged as not-a-virus:AdWare.Look2Me.ab. No Action Taken.
File C:\WINDOWS\system32\r08slal71dq.dll tagged as not-a-virus:AdWare.Look2Me.ab. No Action Taken.
File C:\WINDOWS\system32\guard.tmp tagged as not-a-virus:AdWare.Look2Me.ab. No Action Taken.
File C:\WINDOWS\system32\asi3duag.dll tagged as not-a-virus:AdWare.Look2Me.ab. No Action Taken.
File C:\WINDOWS\system32\tQpi3.dll tagged as not-a-virus:AdWare.Look2Me.ab. No Action Taken.
File C:\WINDOWS\system32\k8260ifse8260.dll tagged as not-a-virus:AdWare.Look2Me.ab. No Action Taken.
File C:\WINDOWS\system32\azesearch2.ocx tagged as not-a-virus:AdWare.ToolBar.Azesearch.b. No Action Taken.
File C:\WINDOWS\system32\h4j40e1qeh.dll tagged as not-a-virus:AdWare.Look2Me.ab. No Action Taken.
File C:\WINDOWS\system32\r08slal71dq.dll tagged as not-a-virus:AdWare.Look2Me.ab. No Action Taken.
File C:\WINDOWS\system\UpdInst.exe tagged as not-a-virus:AdWare.Look2Me.ab. No Action Taken.
File C:\WINDOWS\Temp\bw2.com tagged as not-a-virus:AdWare.AdURL.c. No Action Taken.
File C:\WINDOWS\icont.exe tagged as not-a-virus:AdWare.AdURL.c. No Action Taken.
File C:\Documents and Settings\Andreas\Lokale indstillinger\Temporary Internet Files\Content.IE5\MLXN0792\AppWrap[1].exe tagged as not-a-virus:AdWare.AdURL.c. No Action Taken.
File C:\Documents and Settings\Andreas\Lokale indstillinger\Temporary Internet Files\Content.IE5\IDFGLSJ2\AppWrap[1].exe tagged as not-a-virus:AdWare.AdURL.c. No Action Taken.
File C:\Documents and Settings\Andreas\Lokale indstillinger\Temporary Internet Files\Content.IE5\WFTFIMV1\AppWrap[1].exe tagged as not-a-virus:AdWare.Zestyfind. No Action Taken.
File C:\Documents and Settings\Andreas\Lokale indstillinger\Temporary Internet Files\Content.IE5\WFTFIMV1\AppWrap[2].exe tagged as not-a-virus:AdWare.AdURL.c. No Action Taken.
File C:\Programmer\Microsoft AntiSpyware\Quarantine\3DD88047-A36F-4874-A62B-1F46E3\DF369162-E9D4-4180-93BB-850262 tagged as not-a-virus:RiskWare.Tool.PrcView.3725. No Action Taken.
File C:\Programmer\FreeRIP2\CPSetup.exe infected by "Trojan-Downloader.Win32.Agent.ic" Virus. Action Taken: File Deleted.
File C:\Skole\j2sdk1.4.2_04\demo\applets\BarChart\BarChart.class tagged as not-a-virus:JavaClass.Chart. No Action Taken.
File C:\Skole\j2sdk1.4.2_04\demo\plugin\applets\BarChart\BarChart.class tagged as not-a-virus:JavaClass.Chart. No Action Taken.
File C:\Skole\NetBeans3.6\modules\taglibed.jar tagged as not-a-virus:JavaClass.FormURLToy. No Action Taken.
tonnybrandt (Beginner)
17 April 2005 - 23:55 #11
Arlet doesn't seem to be online right now, so I'll help you along ...

Copy the text between the dashed lines into Notepad and save it as a file named c:\clean.bat with the file type All files.

-----------------
attrib -h -s -r C:\WINDOWS\icont.exe
attrib -h -s -r C:\WINDOWS\system32\guard.tmp
attrib -h -s -r C:\WINDOWS\system32\asi3duag.dll
attrib -h -s -r C:\WINDOWS\system32\tQpi3.dll
attrib -h -s -r C:\WINDOWS\system32\k8260ifse8260.dll
attrib -h -s -r C:\WINDOWS\system32\azesearch2.ocx
attrib -h -s -r C:\WINDOWS\system32\h4j40e1qeh.dll
attrib -h -s -r C:\WINDOWS\system32\r08slal71dq.dll
attrib -h -s -r C:\WINDOWS\system32\guard.tmp
attrib -h -s -r C:\WINDOWS\system32\asi3duag.dll
attrib -h -s -r C:\WINDOWS\system32\tQpi3.dll
attrib -h -s -r C:\WINDOWS\system32\k8260ifse8260.dll
attrib -h -s -r C:\WINDOWS\system32\azesearch2.ocx
attrib -h -s -r C:\WINDOWS\system32\h4j40e1qeh.dll
attrib -h -s -r C:\WINDOWS\system32\r08slal71dq.dll
attrib -h -s -r C:\WINDOWS\system\UpdInst.exe
attrib -h -s -r C:\WINDOWS\Temp\bw2.com
attrib -h -s -r C:\WINDOWS\icont.exe

del /f /q C:\WINDOWS\icont.exe
del /f /q C:\WINDOWS\system32\guard.tmp
del /f /q C:\WINDOWS\system32\asi3duag.dll
del /f /q C:\WINDOWS\system32\tQpi3.dll
del /f /q C:\WINDOWS\system32\k8260ifse8260.dll
del /f /q C:\WINDOWS\system32\azesearch2.ocx
del /f /q C:\WINDOWS\system32\h4j40e1qeh.dll
del /f /q C:\WINDOWS\system32\r08slal71dq.dll
del /f /q C:\WINDOWS\system32\guard.tmp
del /f /q C:\WINDOWS\system32\asi3duag.dll
del /f /q C:\WINDOWS\system32\tQpi3.dll
del /f /q C:\WINDOWS\system32\k8260ifse8260.dll
del /f /q C:\WINDOWS\system32\azesearch2.ocx
del /f /q C:\WINDOWS\system32\h4j40e1qeh.dll
del /f /q C:\WINDOWS\system32\r08slal71dq.dll
del /f /q C:\WINDOWS\system\UpdInst.exe
del /f /q C:\WINDOWS\Temp\bw2.com
del /f /q C:\WINDOWS\icont.exe

pause
-----------------

Restart in safe mode.

Click Start | Run, type regedit and press Enter.
Find this key in the registry and expand it so you can see the objects beneath it.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Expand it so you can see the subkeys.
Find these 3 keys, right-click each of them and choose Delete:
52C9C687-33DC-43F8-2746-D9409CC8E897
B46540F3-AEDC-D833-CF6A-BAD2728A1135
D0DC8C8A-8430-B7BD-D8C6-AB565D342EBF

In general:
If you are denied access, do the following to set the permissions so that you are allowed to delete:

Click the key so that it is selected.
Click Edit | Permissions.
Select "Everyone" and tick Allow for "Full Control".
Click the Advanced button and tick the bottom box: "Replace permission entries on all child obj......"
Click Apply and OK
And again Apply and OK.

Close regedit when you have deleted the 3 entries.

Click Start | Run, type c:\clean.bat and press Enter.

Then go to Start -> Programs -> Accessories -> System Tools -> Disk Cleanup and delete temp files, temporary internet files and the recycle bin.

Restart normally and post a new log.
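Added example, not part of the thread: a small Python triage of the Kaspersky report format quoted in post #10. It removes the repeated lines and separates adware files that still need explicit removal from those in the browser cache, which Disk Cleanup clears. The function names are this example's own, and the sample lines are copied from the report above.

```python
import re

# Two line shapes appear in the report quoted in the thread.
TAGGED = re.compile(
    r'^File (?P<path>.+?) tagged as (?P<verdict>\S+)\. No Action Taken\.$')
INFECTED = re.compile(
    r'^File (?P<path>.+?) infected by "(?P<verdict>[^"]+)" Virus\. '
    r'Action Taken: (?P<action>.+?)\.$')

# Sample lines copied from the report in post #10 (one line repeated, as there).
SAMPLE_REPORT = r"""
File C:\WINDOWS\icont.exe tagged as not-a-virus:AdWare.AdURL.c. No Action Taken.
File C:\WINDOWS\system32\guard.tmp tagged as not-a-virus:AdWare.Look2Me.ab. No Action Taken.
File C:\WINDOWS\system32\guard.tmp tagged as not-a-virus:AdWare.Look2Me.ab. No Action Taken.
File C:\Documents and Settings\Andreas\Lokale indstillinger\Temporary Internet Files\Content.IE5\MLXN0792\AppWrap[1].exe tagged as not-a-virus:AdWare.AdURL.c. No Action Taken.
File C:\Programmer\FreeRIP2\CPSetup.exe infected by "Trojan-Downloader.Win32.Agent.ic" Virus. Action Taken: File Deleted.
File C:\Skole\NetBeans3.6\modules\taglibed.jar tagged as not-a-virus:JavaClass.FormURLToy. No Action Taken.
"""


def parse_report(text):
    """Return one dict per recognised report line; other lines are skipped."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        m = TAGGED.match(line)
        if m:
            rows.append({"path": m["path"], "verdict": m["verdict"],
                         "action": None})
            continue
        m = INFECTED.match(line)
        if m:
            rows.append({"path": m["path"], "verdict": m["verdict"],
                         "action": m["action"]})
    return rows


def in_browser_cache(path):
    """True for files under Temporary Internet Files (cleared by Disk Cleanup)."""
    return "\\temporary internet files\\" in path.lower()


def needs_manual_removal(text, verdict_prefix="not-a-virus:AdWare."):
    """Unique paths with no action taken, outside the browser cache.

    Windows paths are case-insensitive, so duplicates are folded on the
    lower-cased path while the first spelling seen is kept for display.
    """
    unique = {}
    for row in parse_report(text):
        if (row["action"] is None
                and row["verdict"].startswith(verdict_prefix)
                and not in_browser_cache(row["path"])):
            unique.setdefault(row["path"].lower(), row["path"])
    return [unique[key] for key in sorted(unique)]


def files_per_verdict(text):
    """Count distinct files per verdict name, ignoring repeated lines."""
    groups = {}
    for row in parse_report(text):
        groups.setdefault(row["verdict"], set()).add(row["path"].lower())
    return {verdict: len(paths) for verdict, paths in groups.items()}


if __name__ == "__main__":
    for path in needs_manual_removal(SAMPLE_REPORT):
        print("still present:", path)
    for verdict, count in files_per_verdict(SAMPLE_REPORT).items():
        print(f"{count} file(s): {verdict}")
```
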
tonnybrandt (Beginner)
18 April 2005 - 00:01 #12
While you are in safe mode, also fix these 2 in HiJackThis:

O1 - Hosts: 69.50.166.14 yahoo.com
O20 - Winlogon Notify: NetCache - C:\WINDOWS\system32\d00mlad11d0.dll
ace22 (Beginner)
18 April 2005 - 07:52 #13
Logfile of HijackThis v1.99.1
Scan saved at 07:51:30, on 18-04-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Programmer\WebSpeed Sikkerhedspakke\fswsclds.exe
C:\Programmer\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Stardock\TrayServer.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Programmer\Apoint2K\Apoint.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Apoint2K\Apntex.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\S3Tray2.exe
C:\WINDOWS\system32\s3hotkey.exe
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\00THotkey.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Andreas\Skrivebord\hijackthis.exe
C:\WINDOWS\System32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eb.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eb.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_0.dll
O2 - BHO: (no name) - {52C9C687-33DC-43F8-2746-D9409CC8E897} - (no file)
O2 - BHO: (no name) - {B46540F3-AEDC-D833-CF6A-BAD2728A1135} - (no file)
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_0.dll
O2 - BHO: (no name) - {D0DC8C8A-8430-B7BD-D8C6-AB565D342EBF} - (no file)
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Programmer\Fælles filer\Stardock\TrayServer.exe"
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Xp ting\CursorXP.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: 00THotkey.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_0.dll
O9 - Extra 'Tools' menuitem: i-Nav Indstillinger - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_0.dll
O15 - Trusted Zone: *.avis.co.uk
O15 - Trusted Zone: *.www.jp.dk
O15 - Trusted Zone: http://*.www.su.dk
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} - http://81.19.245.211/speedtest/SpeedTest_2.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skælskør.sail.local
O17 - HKLM\Software\..\Telephony: DomainName = skælskør.sail.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skælskør.sail.local
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Programmer\WebSpeed Sikkerhedspakke\fswsclds.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Programmer\VeriSign\NAVI\naviagent.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Programmer\Sygate\SPF\smc.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
tonnybrandt (Beginner)
18 April 2005 - 08:32 #14
It must be Microsoft AntiSpyware that is guarding the 3 lines that keep coming back.

Uninstall Microsoft AntiSpyware and delete this folder:
C:\Programmer\Microsoft AntiSpyware

Restart in safe mode.

Click Start | Run, type regedit and press Enter.
Find this key in the registry and expand it so you can see the objects beneath it.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

Expand it so you can see the subkeys.
Right-click this key and choose Delete:
Remote Packet Capture Protocol v.0 (experimental) (rpcapd)

Then find this key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Expand that one too so you can see the subkeys.
Find these 2 keys, right-click each of them and choose Delete:
52C9C687-33DC-43F8-2746-D9409CC8E897
B46540F3-AEDC-D833-CF6A-BAD2728A1135
D0DC8C8A-8430-B7BD-D8C6-AB565D342EBF


In general:
If you are denied access, do the following to set the permissions so that you are allowed to delete:

Click the key so that it is selected.
Click Edit | Permissions.
Select "Everyone" and tick Allow for "Full Control".
Click the Advanced button and tick the bottom box: "Replace permission entries on all child obj......"
Click Apply and OK
And again Apply and OK.

Close regedit.

Delete this folder, if it exists:
C:\Programmer\WinPcap


Restart normally and post a new log.

(When the log is clean you may install Microsoft AntiSpyware again)
ace22 (Beginner)
18 April 2005 - 15:17 #15
I have just scanned with Kaspersky and it found the viruses listed below. But my computer is behaving just fine now.

File C:\WINDOWS\system32\o4pq0e75eh.dll tagged as not-a-virus:AdWare.Look2Me.ab. No Action Taken.
File C:\WINDOWS\system32\o4pq0e75eh.dll tagged as not-a-virus:AdWare.Look2Me.ab. No Action Taken.
File C:\Documents and Settings\Andreas\Lokale indstillinger\Temporary Internet Files\Content.IE5\WFTFIMV1\AppWrap[1].exe tagged as not-a-virus:AdWare.Zestyfind. No Action Taken.
File C:\Programmer\Microsoft AntiSpyware\Quarantine\3DD88047-A36F-4874-A62B-1F46E3\DF369162-E9D4-4180-93BB-850262 tagged as not-a-virus:RiskWare.Tool.PrcView.3725. No Action Taken.
File C:\Skole\j2sdk1.4.2_04\demo\applets\BarChart\BarChart.class tagged as not-a-virus:JavaClass.Chart. No Action Taken.
File C:\Skole\j2sdk1.4.2_04\demo\plugin\applets\BarChart\BarChart.class tagged as not-a-virus:JavaClass.Chart. No Action Taken.
File C:\Skole\NetBeans3.6\modules\taglibed.jar tagged as not-a-virus:JavaClass.FormURLToy. No Action Taken.
File C:\WINDOWS\system32\o4pq0e75eh.dll tagged as not-a-virus:AdWare.Look2Me.ab. No Action Taken.
ace22 (Beginner)
18 April 2005 - 16:03 #16
Logfile of HijackThis v1.99.1
Scan saved at 16:01:28, on 18-04-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Stardock\TrayServer.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Programmer\Apoint2K\Apoint.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\S3Tray2.exe
C:\WINDOWS\system32\s3hotkey.exe
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Programmer\Apoint2K\Apntex.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\00THotkey.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\userinit.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Programmer\WebSpeed Sikkerhedspakke\fswsclds.exe
C:\Programmer\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Documents and Settings\Andreas\Skrivebord\hijackthis.exe
C:\WINDOWS\System32\imapi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eb.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eb.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_0.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_0.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Programmer\Fælles filer\Stardock\TrayServer.exe"
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Xp ting\CursorXP.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: 00THotkey.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_0.dll
O9 - Extra 'Tools' menuitem: i-Nav Indstillinger - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_0.dll
O15 - Trusted Zone: *.avis.co.uk
O15 - Trusted Zone: *.www.jp.dk
O15 - Trusted Zone: http://*.www.su.dk
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} - http://81.19.245.211/speedtest/SpeedTest_2.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skælskør.sail.local
O17 - HKLM\Software\..\Telephony: DomainName = skælskør.sail.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skælskør.sail.local
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Programmer\WebSpeed Sikkerhedspakke\fswsclds.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Programmer\VeriSign\NAVI\naviagent.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Programmer\Sygate\SPF\smc.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
tonnybrandt (Beginner)
18 April 2005 - 16:07 #17
OK, it managed to create one more file before we got the culprit deleted.

So you just need to delete these in Explorer:
C:\WINDOWS\system32\o4pq0e75eh.dll
C:\Programmer\Microsoft AntiSpyware\Quarantine\3DD88047-A36F-4874-A62B-1F46E3\DF369162-E9D4-4180-93BB-850262

Then go to Start -> Programs -> Accessories -> System Tools -> Disk Cleanup and delete temp files, temporary internet files and the recycle bin.

Then you may install Microsoft AntiSpyware again.

And your HiJackThis log is now clean.

Arlet probably has a couple of closing remarks ...
ace22 (Beginner)
18 April 2005 - 16:20 #18
Nice :) I'm really glad about that..... I can see that Start -> Programs -> Accessories -> System Tools -> Disk Cleanup is empty. Is that something that can be fixed so that everything standard comes back?? (I have just run cleanmgr.exe from C:\WINDOWS\system32)
arlet (Junior Master)
18 April 2005 - 21:26 #19
As for the Disk Cleanup, we will have to ask tonnybrandt; he has a suggestion for it.

But otherwise tonnybrandt has helped you across the finish line, so:

Your log is now clean.

After a trip like this it is always a good idea to clean up your System Restore files.
Disable System Restore ( http://www.arlet.dk/systemgendannelsen.htm ) - restart your computer - enable System Restore.
And you should also hide your files and folders again, so that you don't delete an important file by mistake.
You do that in the same place where you set it to show all files; this time you just choose: Do not show hidden files and folders.

To protect you against junk I have put together a security package,
which you can download here: www.arlet.dk/pakke.htm
arlet (Junior Master)
18 April 2005 - 21:30 #20
Tonnybrandt -> For the great help -> http://www.eksperten.dk/spm/610841
tonnybrandt (Beginner)
18 April 2005 - 22:46 #21
Disk Cleanup in the menu is really just a shortcut to cleanmgr.exe, so you actually did exactly the right thing.

It should be located here:
C:\Documents and Settings\All Users\Menuen Start\Programmer\Tilbehør\Systemværktøjer

Here you can delete the Disk Cleanup entry that is already there and create a new shortcut that points to c:\windows\system32\cleanmgr.exe, which you give the name Disk Cleanup.

But I discovered that I had overlooked a single line in the log that had not been deleted.

Restart in safe mode.

Click Start | Run, type regedit and press Enter.
Find this key in the registry and expand it so you can see the objects beneath it.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

Right-click this key and choose Delete:
Remote Packet Capture Protocol v.0 (experimental) (rpcapd)

Afterwards, check in HiJackThis that this line has disappeared:
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

If it does not disappear, you will have to tell me which errors you are seeing, because it should disappear when we delete it in regedit.
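Added example, not part of the thread: a Python comparison of two HijackThis logs that lists which entries a cleanup pass removed and which orphaned entries, marked "(no file)" or "(file missing)", are still present. That is the check posts #14 and #21 perform by eye. The function names are this example's own, and the sample lines are copied from the logs in posts #13 and #16.

```python
import re

# A HijackThis entry line starts with a section code such as R0, O2 or O23.
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Entries whose target file is gone carry one of these suffixes.
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
BHO_ROOT = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
            r"\Explorer\Browser Helper Objects")

# Lines copied from the log in post #13 (before the second cleanup pass).
LOG_BEFORE = r"""
O2 - BHO: (no name) - {52C9C687-33DC-43F8-2746-D9409CC8E897} - (no file)
O2 - BHO: (no name) - {B46540F3-AEDC-D833-CF6A-BAD2728A1135} - (no file)
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_0.dll
O2 - BHO: (no name) - {D0DC8C8A-8430-B7BD-D8C6-AB565D342EBF} - (no file)
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Programmer\Sygate\SPF\smc.exe (file missing)
"""

# Lines copied from the log in post #16 (after that pass).
LOG_AFTER = r"""
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_0.dll
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Programmer\Sygate\SPF\smc.exe (file missing)
"""


def parse_entries(log_text):
    """Return (section, body) tuples; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def is_orphan(entry):
    """True when HijackThis reported that the entry's file does not exist."""
    return bool(ORPHAN.search(entry[1]))


def compare(before_text, after_text):
    """Diff two logs and flag orphaned entries that survived the cleanup."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    before_set, after_set = set(before), set(after)
    return {
        "removed": [e for e in before if e not in after_set],
        "added": [e for e in after if e not in before_set],
        "persisting_orphans": [e for e in after
                               if e in before_set and is_orphan(e)],
    }


def bho_key(entry):
    """Registry key behind an O2 entry (subkeys are named by the braced CLSID)."""
    section, body = entry
    if section != "O2":
        return None
    m = CLSID.search(body)
    return BHO_ROOT + "\\" + m.group(0) if m else None


if __name__ == "__main__":
    result = compare(LOG_BEFORE, LOG_AFTER)
    for section, body in result["removed"]:
        print("removed:", section, "-", body)
    for section, body in result["persisting_orphans"]:
        print("still orphaned:", section, "-", body)
```
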
ace22 (Beginner)
19 April 2005 - 16:12 #22
Then they should be deleted too :) It didn't complain. I don't know if you want a HijackThis log to be on the safe side??
ace22 (Beginner)
19 April 2005 - 16:14 #23
Logfile of HijackThis v1.99.1
Scan saved at 16:13:46, on 19-04-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Stardock\TrayServer.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Programmer\Apoint2K\Apoint.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\S3Tray2.exe
C:\WINDOWS\system32\s3hotkey.exe
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\00THotkey.exe
C:\Programmer\Apoint2K\Apntex.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Programmer\WebSpeed Sikkerhedspakke\fswsclds.exe
C:\Programmer\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Andreas\Dokumenter\hijack filer\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eb.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eb.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_0.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_0.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Programmer\Fælles filer\Stardock\TrayServer.exe"
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Xp ting\CursorXP.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: 00THotkey.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_0.dll
O9 - Extra 'Tools' menuitem: i-Nav Indstillinger - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_0.dll
O15 - Trusted Zone: *.avis.co.uk
O15 - Trusted Zone: *.www.jp.dk
O15 - Trusted Zone: http://*.www.su.dk
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} - http://81.19.245.211/speedtest/SpeedTest_2.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skælskør.sail.local
O17 - HKLM\Software\..\Telephony: DomainName = skælskør.sail.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skælskør.sail.local
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Programmer\WebSpeed Sikkerhedspakke\fswsclds.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Programmer\VeriSign\NAVI\naviagent.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Programmer\Sygate\SPF\smc.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
tonnybrandt (Beginner)
19 April 2005 - 20:19 #24
All in order. It is now completely gone, and the log you posted is now completely clean. :)
ace22 (Beginner)
19 April 2005 - 21:24 #25
That sounds good :) A thousand thanks for the help
tonnybrandt (Beginner)
19 April 2005 - 22:25 #26
You're welcome :)