CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede ace22 Nybegynder
15. december 2005 - 17:37 Der er 16 kommentarer og
2 løsninger

hijackthis fil

Hej Jeg har lige faaet min kusines computer her hjem. igaar tjekkede jeg den for virus og der var en masse. men der er stadigvaek problemer. Jeg kan ikke opdatere inde paa update.microsoft.com og kan heller ikke downloade filer. Haaber i kan hjaelpe

Her er hijackThis filen

Logfile of HijackThis v1.99.1
Scan saved at 17:34:03, on 15-12-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\cmd.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Vivian\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PmProxy] C:\Programmer\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Programmer\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [qfdsyl] rundll32 C:\WINDOWS\System32\qfdsyl.dll,Init 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Programmer\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: style2 - C:\WINDOWS\q629475_disk.dll (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\Sptisrv.exe

MVH Andreas
Avatar billede halvamatoer Nybegynder
15. december 2005 - 18:44 #1
Yep lidt virus er tilstede:

Følg instruktionerne i www.exp.dk/artikler/755 og kom med loggene derfra + ny HJT.
Scanningen med ewido tager ca. 1 time.
(svarer til min aftensmad) - så kigger jeg på den
Avatar billede ace22 Nybegynder
15. december 2005 - 19:32 #2
ny hijack

Logfile of HijackThis v1.99.1
Scan saved at 19:32:01, on 15-12-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Empty Temp Folders 2.8.3\emprun.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Documents and Settings\Vivian\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PmProxy] C:\Programmer\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Programmer\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [qfdsyl] rundll32 C:\WINDOWS\System32\qfdsyl.dll,Init 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Programmer\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: style2 - C:\WINDOWS\q629475_disk.dll (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\Sptisrv.exe
Avatar billede halvamatoer Nybegynder
15. december 2005 - 19:33 #3
og loggen fra ewido?
Avatar billede ace22 Nybegynder
15. december 2005 - 19:34 #4
HKLM\SOFTWARE\Classes\CLSID\{0B6BE68E-B55A-5883-3DBC-30D73208D3E7} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{155F178D-1B07-52BD-BF72-827F24ED9DCE} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{1E920882-80EF-BD61-DBBD-0847C13D1197} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{2D9BB7B5-D27A-5907-A874-72E04FC719E8} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{47DA2122-90A1-597C-94D7-20963F392761} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{491288EB-D314-5571-9C18-B1EAC89ADE09} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{4A210C09-C3AE-D36C-3EC5-0D7723985463} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{529D86BB-85DC-FC40-1699-BECC09038E95} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{57CEBAAD-4565-C660-5FAF-624E13DBE3B7} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{5B7E5C2F-7668-51A3-BA8C-F6B376755AF9} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{5C2B2D9C-60FC-5F4C-5894-68EB7DFA3935} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{5E60DAD4-D59A-D1EA-A0B3-BD226EE43523} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{62B52B4D-547B-BFC7-9850-79709FDECF27} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{67654C62-B847-D47B-7386-202E338F4761} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{6A389597-708B-6F9D-B6EC-8D1A3EC9DFAF} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{7658C68E-7ED4-8476-AC96-729091012307} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{905BD5E4-261C-4EFD-5456-CD124D7B9D18} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{9913F006-5621-D9B4-E3CB-064477E8D278} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{A5B3B4A7-6BD2-E7CE-E654-7A1D658D1BB3} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{B36D5282-D413-F545-CF79-A6CE970CFEBB} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{B38F516E-48F2-CDBB-7D76-E0CFBCDBEE45} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{BCA18F7D-4CAB-D300-286E-432722FFB0FB} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{BD757058-7180-2CE5-E5B6-8C70AEF236CC} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{C7339624-BDA9-0FBB-8706-46F6CC80401F} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{D377FF80-B093-7377-D7F1-2D8792CCF322} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{D4451521-F203-568E-2657-C5AD1F0B1F77} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{DB3FF0A6-7AD3-085E-3E59-A4318E82D4A8} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{DC690906-09E2-710F-7C3B-F2F819B49B2A} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{DE2D7676-D3B6-1EDB-60CA-DA72D6F9B006} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{EE72D9B5-81C8-E738-8F1C-E3D4FED74E0D} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\Interface\{F8ACA5A0-060A-478A-8368-1407780D2251} -> Dialer.Generic : Renset med backup
    HKLM\SOFTWARE\Classes\TypeLib\{AD9B275B-E42D-4C7F-9FFB-29B5FB81688B} -> Dialer.Generic : Renset med backup
    C:\Documents and Settings\Thomas\Cookies\thomas@cz3.clickzs[2].txt -> Spyware.Cookie.Clickzs : Renset med backup
    :mozilla.6:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.2o7 : Renset med backup
    :mozilla.7:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.2o7 : Renset med backup
    :mozilla.8:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.2o7 : Renset med backup
    :mozilla.9:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Adtech : Renset med backup
    :mozilla.22:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Porngraph : Renset med backup
    :mozilla.23:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Porngraph : Renset med backup
    :mozilla.24:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Porngraph : Renset med backup
    :mozilla.28:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Commissionpartner : Renset med backup
    :mozilla.29:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Commissionpartner : Renset med backup
    :mozilla.30:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Commissionpartner : Renset med backup
    :mozilla.31:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Commissionpartner : Renset med backup
    :mozilla.32:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Commissionpartner : Renset med backup
    :mozilla.33:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Commissionpartner : Renset med backup
    :mozilla.34:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Commissionpartner : Renset med backup
    :mozilla.35:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Commissionpartner : Renset med backup
    :mozilla.36:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Commissionpartner : Renset med backup
    :mozilla.37:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Xhit : Renset med backup
    :mozilla.38:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Xhit : Renset med backup
    :mozilla.51:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Paycounter : Renset med backup
    :mozilla.55:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Qksrv : Renset med backup
    :mozilla.74:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Wegcash : Renset med backup
    :mozilla.75:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Wegcash : Renset med backup
    :mozilla.92:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Renset med backup
    C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\Cache\3F99E1E0d01 -> Heuristic.Win32.Dialer : Renset med backup
    C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\Cache\3269ABE8d01 -> Dialer.Generic : Renset med backup
    :mozilla.9:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\b4028ej9.default\cookies.txt -> Spyware.Cookie.Advertising : Renset med backup
    :mozilla.14:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\b4028ej9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    :mozilla.15:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\b4028ej9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    :mozilla.16:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\b4028ej9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    :mozilla.17:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\b4028ej9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    :mozilla.30:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\b4028ej9.default\cookies.txt -> Spyware.Cookie.Onestat : Renset med backup
    :mozilla.31:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\b4028ej9.default\cookies.txt -> Spyware.Cookie.Onestat : Renset med backup
    :mozilla.34:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\b4028ej9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.35:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\b4028ej9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.9:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Adtech : Renset med backup
    :mozilla.10:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Adtech : Renset med backup
    :mozilla.13:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Falkag : Renset med backup
    :mozilla.26:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.27:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.28:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.29:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.30:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.31:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.32:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.33:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.34:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.35:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.36:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.37:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.38:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.39:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.40:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.41:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.42:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.43:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.44:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.45:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.46:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Clickzs : Renset med backup
    :mozilla.47:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Clickzs : Renset med backup
    :mozilla.48:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Clickzs : Renset med backup
    :mozilla.49:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Clickzs : Renset med backup
    :mozilla.50:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Clickzs : Renset med backup
    :mozilla.51:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Clickzs : Renset med backup
    :mozilla.102:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Paycounter : Renset med backup
    :mozilla.105:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Renset med backup
    :mozilla.106:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Renset med backup
    :mozilla.107:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Renset med backup
    :mozilla.108:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Renset med backup
    :mozilla.109:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Statcounter : Renset med backup
    :mozilla.110:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Statcounter : Renset med backup
    :mozilla.111:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Statcounter : Renset med backup
    :mozilla.115:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Renset med backup
    :mozilla.116:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Renset med backup
    :mozilla.117:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Renset med backup
    :mozilla.119:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Clickzs : Renset med backup
    :mozilla.120:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Clickzs : Renset med backup
    :mozilla.128:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Adserver : Renset med backup
    :mozilla.129:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Adserver : Renset med backup
    :mozilla.137:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Falkag : Renset med backup
    :mozilla.138:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Falkag : Renset med backup
    :mozilla.139:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Falkag : Renset med backup
    :mozilla.142:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Masterstats : Renset med backup
    C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-120256ae-5b7fa9d4.class.mwt -> Trojan.Byteverify : Renset med backup
    :mozilla.8:C:\Documents and Settings\Vivian\Application Data\Mozilla\Firefox\Profiles\dtjev31k.default\cookies.txt -> Spyware.Cookie.2o7 : Renset med backup
    :mozilla.20:C:\Documents and Settings\Vivian\Application Data\Phoenix\Profiles\default\hmxaczqx.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Renset med backup
    :mozilla.28:C:\Documents and Settings\Vivian\Application Data\Phoenix\Profiles\default\hmxaczqx.slt\cookies.txt -> Spyware.Cookie.Atdmt : Renset med backup


::Rapport slut
Avatar billede halvamatoer Nybegynder
15. december 2005 - 19:47 #5
Det ser ud til du har/haft Coolwebsearch:

1. Download og kør CWS-fjerner: (Brugsanvisning på hjemmeside).
http://www.siena.edu/antivirus/spyware/cws.asp

Derefter skal du fixe følgende:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone

O20 - Winlogon Notify: style2 - C:\WINDOWS\q629475_disk.dll (file missing)

Derefter i fejlsikker tilstand.
Led efter & slet:

C:\WINDOWS\q629475_disk.dll - kan være HJT har slettet den.

Derefter genstart i normal og kom med ny log
Avatar billede ace22 Nybegynder
15. december 2005 - 20:10 #6
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Documents and Settings\Vivian\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PmProxy] C:\Programmer\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Programmer\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [qfdsyl] rundll32 C:\WINDOWS\System32\qfdsyl.dll,Init 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Programmer\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\Sptisrv.exe
Avatar billede halvamatoer Nybegynder
15. december 2005 - 20:20 #7
min fejl glemte en:

O4 - HKLM\..\Run: [qfdsyl] rundll32 C:\WINDOWS\System32\qfdsyl.dll,Init 1

og derved får man automatisk dem her igen:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone

fix dem + ny log.
Avatar billede ace22 Nybegynder
15. december 2005 - 20:24 #8
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Documents and Settings\Vivian\Skrivebord\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmer\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PmProxy] C:\Programmer\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Programmer\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Programmer\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\Sptisrv.exe
Avatar billede halvamatoer Nybegynder
15. december 2005 - 20:37 #9
Glemte en mere:

R3 - Default URLSearchHook is missing

Ordne den - men nu bliver vi desværre lidt advanceret, hvis vi skal af med 015.

Vælg kør skriv regedit
Vi går nu ind i registeringsdatabasen, og her kan du lave rigtig god skade, så gør ikke noget hvis du er i tvivl.

Find nøglen:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults

du blader bare ned, som alm. windows struktur (stifinder).
Når du har markeret den vil jeg gerne vide hvad der står i højre side af billedet.
der skal stå det samme som nedenstående:
http://www.dslreports.com/forum/remark,13372949
Ca. midten på siden er der et billede sammenlign med det.
Avatar billede ace22 Nybegynder
15. december 2005 - 20:41 #10
den der R3 - Default URLSearchHook is missing kommer tilbage med det samme naar jeg sletter den fra hijackthis
Avatar billede ace22 Nybegynder
15. december 2005 - 20:44 #11
efter currentVersion er der ikke noget som hedder internet settings
Avatar billede halvamatoer Nybegynder
15. december 2005 - 21:10 #12
ok du har ikke mere virus o.lign.
Men din explorer har stadigvæk fejl. Jeg har en ide om at du endnu ikke kan komme ind på windows-update og lign.

Følg nedenstående link for evt. geninstallation af explorer

http://www.hcma.dk/tips51to60.htm#no55

Så tror jeg vi er ved at være der.
Avatar billede ace22 Nybegynder
15. december 2005 - 21:49 #13
jeg kan stadigvaek ikke opdater microsoft den skriver det her

Skift sikkerhedsindstillingerne i Internet Explorer
Hvis du vil gemme ændringer i indstillingerne for dette websted, skal du aktivere vedvarende brugerdata i Internet Explorer. Følg nedenstående trin, og klik derefter på Skift indstillinger til venstre, og prøv at gemme ændringerne igen.
Klik på Internetindstillinger i menuen Funktioner i Internet Explorer.
Klik på fanen Sikkerhed, klik på sikkerhedszoneikonet Internet, og klik derefter på Brugerdefineret niveau.
Rul frem til området Diverse i dialogboksen Indstillinger.
Marker Aktiver under Vedvarende brugerdata.
Klik på OK, og klik på Ja, når en dialogboks med en sikkerhedsadvarsel vises.

men hver gang jeg saetter kryds i aktiver under bruger data laver den selv om til middel sikkerhed igen
Avatar billede Computer Hjælp (Gratis) Mester
15. december 2005 - 21:59 #14
<halvamatoer>: GoSub -> http://exp.dk/spm/672546
Avatar billede halvamatoer Nybegynder
15. december 2005 - 22:06 #15
<dr1> kom lige derfra :-)
Har du nogen forslag til den her - der er ikke mere virus på den?

ace22 -> Hvor meget i linket prøvede du?
Avatar billede ace22 Nybegynder
15. december 2005 - 22:19 #16
Prøv først dette:

Download  denne fil herfra
http://packetstormsecurity.org/Win/IEreg.zip
eller
http://www.fbeej.dk/Programmer/iereg.zip
Udpak den og kør den udpakkede fil. Genstart og se om det har hjulpet.  (de registrerer/genopretter/gendanner/reparerer *.dll i IE

Måske er det nok

Eller:
http://windowsxp.mvps.org/utils/IEFix.zip

som anvender ie.inf til, at reparere IE. Den kræver desuden, at man har sin windows-cd i maskinen.

Eller:
1: Klik på Start - Kør, og skriv: Regedit klik på OK.

2: Nu skal du navigere dig herhen:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Active Setup \ Installed Components \ {89820200-ECBD-11cf-8B85-00AA005B4383}.
Pas på for der er 2 næsten identiske.

Højreklik på den streng som hedder IsInstalled og ændre værdien fra 1 til 0.

3: Luk Regedit på X og genstart.

Jeg smutter i seng nu skal tidligt op i morgen saa maa jeg lige kikke paa det der... tak for hjaelpen skriver nok i morgen
Avatar billede halvamatoer Nybegynder
15. december 2005 - 22:28 #17
god nat
Avatar billede ace22 Nybegynder
16. december 2005 - 20:56 #18
Hej igen
Så er computeren på toppen igen:) Det var hendes lorte firewall som ikke ville lade windows opdater, så nu er den blevet slettet for altid:)

Tak for hjælpen

God jul og god weekend

MVH Andreas
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
pop up black friday Af Malm i Virus 10 22/11/202420:49 23/11/202410:46
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus 21 22/06/202419:22 23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus 23 07/05/202421:02 13/05/202419:48
trusler Af gerhardpet i Virus 4 26/01/202410:02 27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus 16 09/01/202416:37 10/01/202419:59
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I dag 11:44 Sti og filnavn i sidefod Af boro23 i Word
I dag 11:02 Zyxel Multy U netværk Af jcr18 i Wifi
I dag 08:52 DOWNLOAD TIL SAMME MAPPE Af snestrup2000 i Browsere
I dag 00:54 Windows 11 Pro - IIS Af bsn i Windows
I går 18:46 Omdanne stik på router til USB Af valby i Routere & Switches
White papers
Flere white papers »


Premium
Teaser billede
Meldes til politiet for grove GDPR-brud og elendig sikkerhed: Mere end 1.000 tidligere ansatte har haft fri adgang til centralt KMD-system
Læs mere »
Disse seks anbefalinger fra den danske it-branche skal sikre Danmarks digitale kvantespring
Kunderne raser, og priserne er eksploderet: Alligevel er salget af VMware en kæmpe-succes
Boghandler er blevet en af Danmarks førende eksperter i Microsoft Teams: "Til at begynde med virkede det fuldstændig uopnåeligt"
Se alle »
Computerworld
Teaser billede
Stort Microsoft-nedbrud rammer flere kunder: Problemer med Teams og mails
Læs mere »
Test: Den snusfornuftige Volkswagen ID.3 blevet til lidt af el-bisse
Kæmpe datalæk på hospital: 750.000 patienters fortrolige data lækket
Microsofts nye pc er ekstrem billig – men kan blive ekstrem sikker og fleksibel
Se alle »
CIO
Teaser billede
Stort Microsoft-nedbrud rammer flere kunder: Problemer med Teams og mails
Læs mere »
Microsoft hæver priserne på M365: Sådan kommer de nye priser til at ramme
Konsulenthus vil rulle Microsoft 365 Copilot ud til 200.000 ansatte
Microsoft et døgn efter nedbrud: Stadig problemer med Outlook
Se alle »
Job & Karriere
Teaser billede
Microsoft klar med ny direktion for den danske forretning: Her er de nye direktører
Læs mere »
Efter skelsættende møde med sportscoach: Stor dansk it-arbejdsplads indfører fredags-fri og isbade i arbejdstiden
Linus Torvalds giver russiske Linux-udviklere sparket: Vil ikke have noget med dem at gøre
Twoday er rykket til et af de dyreste postnumre i Danmark – og det kan betale sig, siger topchef Lars Berthelsen
Se alle »
White paper
Teaser billede
Sikkerhed uden grænser: Cisco Hypershield
Læs mere »
Vær proaktiv og prioritér IT-sikkerheden – før det er for sent
Managed Detection & Response: Forsvar din virksomhed mod cybertrusler døgnet rundt
Derfor kræver AI, cloud og sikkerhed et stærkere netværk
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »