Jeg lægger lige hijackthis og ewido loggen ind i tråden her, det er nemmere og så er det tilgængeligt for(sådan er reglerne)
---------------------------------------------------------
ewido security suite - Scanningsrapport
---------------------------------------------------------
+ Oprettet den: 11:25:05, 08-11-2005
+ Rapport-Checksum: A0DD68FD
+ Scanningsresultat:
HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Renset med backup
HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Renset med backup
HKLM\SOFTWARE\Classes\RunMSC.Loader\CLSID\\ -> Spyware.SaveNow : Renset med backup
HKLM\SOFTWARE\Classes\RunMSC.Loader.1\CLSID\\ -> Spyware.SaveNow : Renset med backup
HKLM\SOFTWARE\Classes\WUSN.1 -> Spyware.SaveNow : Renset med backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg -> Spyware.SaveNow : Renset med backup
HKLM\SOFTWARE\WhenUSave -> Spyware.SaveNow : Renset med backup
HKLM\SOFTWARE\WhenUSave\Partners -> Spyware.SaveNow : Renset med backup
HKLM\SOFTWARE\WhenUSave\Partners\EEPE -> Spyware.SaveNow : Renset med backup
C:\Documents and Settings\Kristian\Cookies\kristian@2o7[2].txt -> Spyware.Cookie.2o7 : Renset med backup
C:\Documents and Settings\Kristian\Cookies\kristian@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Renset med backup
C:\Documents and Settings\Kristian\Cookies\kristian@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Renset med backup
C:\Documents and Settings\Kristian\Cookies\kristian@adtech[1].txt -> Spyware.Cookie.Adtech : Renset med backup
C:\Documents and Settings\Kristian\Cookies\kristian@advertising[2].txt -> Spyware.Cookie.Advertising : Renset med backup
C:\Documents and Settings\Kristian\Cookies\kristian@atdmt[2].txt -> Spyware.Cookie.Atdmt : Renset med backup
C:\Documents and Settings\Kristian\Cookies\kristian@bfast[2].txt -> Spyware.Cookie.Bfast : Renset med backup
C:\Documents and Settings\Kristian\Cookies\kristian@centrport[2].txt -> Spyware.Cookie.Centrport : Renset med backup
C:\Documents and Settings\Kristian\Cookies\kristian@com[2].txt -> Spyware.Cookie.Com : Renset med backup
C:\Documents and Settings\Kristian\Cookies\kristian@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Renset med backup
C:\Documents and Settings\Kristian\Cookies\kristian@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Renset med backup
C:\Documents and Settings\Kristian\Cookies\kristian@fastclick[1].txt -> Spyware.Cookie.Fastclick : Renset med backup
C:\Documents and Settings\Kristian\Cookies\kristian@hg1.hitbox[1].txt -> Spyware.Cookie.Hitbox : Renset med backup
C:\Documents and Settings\Kristian\Cookies\kristian@hitbox[2].txt -> Spyware.Cookie.Hitbox : Renset med backup
C:\Documents and Settings\Kristian\Cookies\kristian@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Renset med backup
C:\Documents and Settings\Kristian\Cookies\kristian@perf.overture[1].txt -> Spyware.Cookie.Overture : Renset med backup
C:\Documents and Settings\Kristian\Cookies\kristian@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Renset med backup
C:\Documents and Settings\Kristian\Cookies\kristian@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Renset med backup
C:\Documents and Settings\Kristian\Cookies\kristian@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Renset med backup
C:\Documents and Settings\Kristian\Lokale indstillinger\Temp\VVSNInst.exe -> Adware.SaveNow : Renset med backup
C:\Documents and Settings\Kristian\Menuen Start\Programmer\WhenU -> Spyware.SaveNow : Renset med backup
C:\Documents and Settings\Kristian\Menuen Start\Programmer\WhenU\Learn More About WhenU Save.url -> Spyware.SaveNow : Renset med backup
C:\Documents and Settings\Kristian\Menuen Start\Programmer\WhenU\Learn More About WhenU SaveNow.url -> Spyware.SaveNow : Renset med backup
C:\Documents and Settings\Kristian\Menuen Start\Programmer\WhenU\WhenU.com Website.url -> Spyware.SaveNow : Renset med backup
C:\Programmer\Save -> Spyware.SaveNow : Renset med backup
C:\Programmer\Save\ACM.dll -> Spyware.SaveNow : Renset med backup
C:\Programmer\Save\Desktop.ini -> Spyware.SaveNow : Renset med backup
C:\Programmer\Save\save.db -> Spyware.SaveNow : Renset med backup
C:\Programmer\Save\Save.exe -> Spyware.SaveNow : Renset med backup
C:\Programmer\Save\save.htm -> Spyware.SaveNow : Renset med backup
C:\Programmer\Save\SaveUninst.exe -> Spyware.SaveNow : Renset med backup
C:\Programmer\Save\store.db -> Spyware.SaveNow : Renset med backup
C:\Programmer\winupdates\a.tmp -> Worm.VB.an : Renset med backup
C:\Programmer\winupdates\a.zip/Setup.exe -> Worm.VB.an : Renset med backup
::Rapport slut
Logfile of HijackThis v1.99.1
Scan saved at 11:30:08, on 08-11-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmer\Java\jre1.5.0_05\bin\jusched.exe
C:\Programmer\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kristian\Skrivebord\Ny mappe\hjt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.dk/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Enigma Firewall] C:\Programmer\Enigma Software Group\EnigmaFireWall\EnigmaFirewall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\espfspi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espfspi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espfspi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espfspi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espfspi.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe