ace22 Beginner
15 December 2005 - 17:37. There are 16 comments and 2 solutions.

HijackThis file

Hi, I have just got my cousin's computer here at home. Yesterday I checked it for viruses and there were a lot, but there are still problems. I can't update at update.microsoft.com and can't download files either. Hope you can help.

Here is the HijackThis file

Logfile of HijackThis v1.99.1
Scan saved at 17:34:03, on 15-12-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\cmd.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Vivian\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PmProxy] C:\Programmer\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Programmer\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [qfdsyl] rundll32 C:\WINDOWS\System32\qfdsyl.dll,Init 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Programmer\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: style2 - C:\WINDOWS\q629475_disk.dll (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\Sptisrv.exe

Best regards, Andreas

halvamatoer Beginner
15 December 2005 - 18:44 #1
Yep, a bit of virus is present:

Follow the instructions at www.exp.dk/artikler/755 and post the logs from there + a new HJT.
The scan with ewido takes about 1 hour.
(about as long as my dinner) - then I'll look at it

ace22 Beginner
15 December 2005 - 19:32 #2
new hijack

Logfile of HijackThis v1.99.1
Scan saved at 19:32:01, on 15-12-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Empty Temp Folders 2.8.3\emprun.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Documents and Settings\Vivian\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PmProxy] C:\Programmer\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Programmer\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [qfdsyl] rundll32 C:\WINDOWS\System32\qfdsyl.dll,Init 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Programmer\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: style2 - C:\WINDOWS\q629475_disk.dll (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\Sptisrv.exe

halvamatoer Beginner
15 December 2005 - 19:33 #3
and the log from ewido?

ace22 Beginner
15 December 2005 - 19:34 #4
HKLM\SOFTWARE\Classes\CLSID\{0B6BE68E-B55A-5883-3DBC-30D73208D3E7} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{155F178D-1B07-52BD-BF72-827F24ED9DCE} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{1E920882-80EF-BD61-DBBD-0847C13D1197} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{2D9BB7B5-D27A-5907-A874-72E04FC719E8} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{47DA2122-90A1-597C-94D7-20963F392761} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{491288EB-D314-5571-9C18-B1EAC89ADE09} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{4A210C09-C3AE-D36C-3EC5-0D7723985463} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{529D86BB-85DC-FC40-1699-BECC09038E95} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{57CEBAAD-4565-C660-5FAF-624E13DBE3B7} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{5B7E5C2F-7668-51A3-BA8C-F6B376755AF9} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{5C2B2D9C-60FC-5F4C-5894-68EB7DFA3935} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{5E60DAD4-D59A-D1EA-A0B3-BD226EE43523} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{62B52B4D-547B-BFC7-9850-79709FDECF27} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{67654C62-B847-D47B-7386-202E338F4761} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{6A389597-708B-6F9D-B6EC-8D1A3EC9DFAF} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{7658C68E-7ED4-8476-AC96-729091012307} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{905BD5E4-261C-4EFD-5456-CD124D7B9D18} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{9913F006-5621-D9B4-E3CB-064477E8D278} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{A5B3B4A7-6BD2-E7CE-E654-7A1D658D1BB3} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{B36D5282-D413-F545-CF79-A6CE970CFEBB} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{B38F516E-48F2-CDBB-7D76-E0CFBCDBEE45} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{BCA18F7D-4CAB-D300-286E-432722FFB0FB} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{BD757058-7180-2CE5-E5B6-8C70AEF236CC} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{C7339624-BDA9-0FBB-8706-46F6CC80401F} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{D377FF80-B093-7377-D7F1-2D8792CCF322} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{D4451521-F203-568E-2657-C5AD1F0B1F77} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{DB3FF0A6-7AD3-085E-3E59-A4318E82D4A8} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{DC690906-09E2-710F-7C3B-F2F819B49B2A} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{DE2D7676-D3B6-1EDB-60CA-DA72D6F9B006} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{EE72D9B5-81C8-E738-8F1C-E3D4FED74E0D} -> Spyware.CoolWebSearch : Renset med backup
    HKLM\SOFTWARE\Classes\Interface\{F8ACA5A0-060A-478A-8368-1407780D2251} -> Dialer.Generic : Renset med backup
    HKLM\SOFTWARE\Classes\TypeLib\{AD9B275B-E42D-4C7F-9FFB-29B5FB81688B} -> Dialer.Generic : Renset med backup
    C:\Documents and Settings\Thomas\Cookies\thomas@cz3.clickzs[2].txt -> Spyware.Cookie.Clickzs : Renset med backup
    :mozilla.6:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.2o7 : Renset med backup
    :mozilla.7:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.2o7 : Renset med backup
    :mozilla.8:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.2o7 : Renset med backup
    :mozilla.9:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Adtech : Renset med backup
    :mozilla.22:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Porngraph : Renset med backup
    :mozilla.23:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Porngraph : Renset med backup
    :mozilla.24:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Porngraph : Renset med backup
    :mozilla.28:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Commissionpartner : Renset med backup
    :mozilla.29:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Commissionpartner : Renset med backup
    :mozilla.30:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Commissionpartner : Renset med backup
    :mozilla.31:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Commissionpartner : Renset med backup
    :mozilla.32:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Commissionpartner : Renset med backup
    :mozilla.33:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Commissionpartner : Renset med backup
    :mozilla.34:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Commissionpartner : Renset med backup
    :mozilla.35:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Commissionpartner : Renset med backup
    :mozilla.36:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Commissionpartner : Renset med backup
    :mozilla.37:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Xhit : Renset med backup
    :mozilla.38:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Xhit : Renset med backup
    :mozilla.51:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Paycounter : Renset med backup
    :mozilla.55:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Qksrv : Renset med backup
    :mozilla.74:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Wegcash : Renset med backup
    :mozilla.75:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Wegcash : Renset med backup
    :mozilla.92:C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Renset med backup
    C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\Cache\3F99E1E0d01 -> Heuristic.Win32.Dialer : Renset med backup
    C:\Documents and Settings\Thomas\Application Data\Mozilla\Profiles\default\fp4vioa9.slt\Cache\3269ABE8d01 -> Dialer.Generic : Renset med backup
    :mozilla.9:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\b4028ej9.default\cookies.txt -> Spyware.Cookie.Advertising : Renset med backup
    :mozilla.14:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\b4028ej9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    :mozilla.15:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\b4028ej9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    :mozilla.16:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\b4028ej9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    :mozilla.17:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\b4028ej9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    :mozilla.30:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\b4028ej9.default\cookies.txt -> Spyware.Cookie.Onestat : Renset med backup
    :mozilla.31:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\b4028ej9.default\cookies.txt -> Spyware.Cookie.Onestat : Renset med backup
    :mozilla.34:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\b4028ej9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.35:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\b4028ej9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.9:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Adtech : Renset med backup
    :mozilla.10:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Adtech : Renset med backup
    :mozilla.13:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Falkag : Renset med backup
    :mozilla.26:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.27:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.28:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.29:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.30:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.31:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.32:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.33:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.34:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.35:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.36:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.37:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.38:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.39:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.40:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.41:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.42:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.43:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.44:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.45:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Renset med backup
    :mozilla.46:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Clickzs : Renset med backup
    :mozilla.47:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Clickzs : Renset med backup
    :mozilla.48:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Clickzs : Renset med backup
    :mozilla.49:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Clickzs : Renset med backup
    :mozilla.50:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Clickzs : Renset med backup
    :mozilla.51:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Clickzs : Renset med backup
    :mozilla.102:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Paycounter : Renset med backup
    :mozilla.105:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Renset med backup
    :mozilla.106:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Renset med backup
    :mozilla.107:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Renset med backup
    :mozilla.108:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Renset med backup
    :mozilla.109:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Statcounter : Renset med backup
    :mozilla.110:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Statcounter : Renset med backup
    :mozilla.111:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Statcounter : Renset med backup
    :mozilla.115:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Renset med backup
    :mozilla.116:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Renset med backup
    :mozilla.117:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Renset med backup
    :mozilla.119:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Clickzs : Renset med backup
    :mozilla.120:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Clickzs : Renset med backup
    :mozilla.128:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Adserver : Renset med backup
    :mozilla.129:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Adserver : Renset med backup
    :mozilla.137:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Falkag : Renset med backup
    :mozilla.138:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Falkag : Renset med backup
    :mozilla.139:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Falkag : Renset med backup
    :mozilla.142:C:\Documents and Settings\Thomas\Application Data\Phoenix\Profiles\default\zr8h22t7.slt\cookies.txt -> Spyware.Cookie.Masterstats : Renset med backup
    C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-120256ae-5b7fa9d4.class.mwt -> Trojan.Byteverify : Renset med backup
    :mozilla.8:C:\Documents and Settings\Vivian\Application Data\Mozilla\Firefox\Profiles\dtjev31k.default\cookies.txt -> Spyware.Cookie.2o7 : Renset med backup
    :mozilla.20:C:\Documents and Settings\Vivian\Application Data\Phoenix\Profiles\default\hmxaczqx.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Renset med backup
    :mozilla.28:C:\Documents and Settings\Vivian\Application Data\Phoenix\Profiles\default\hmxaczqx.slt\cookies.txt -> Spyware.Cookie.Atdmt : Renset med backup


::Rapport slut

halvamatoer Beginner
15 December 2005 - 19:47 #5
It looks like you have/had CoolWebSearch:

1. Download and run the CWS remover (instructions on the website).
http://www.siena.edu/antivirus/spyware/cws.asp

After that, you need to fix the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone

O20 - Winlogon Notify: style2 - C:\WINDOWS\q629475_disk.dll (file missing)

Then, in safe mode,
look for & delete:

C:\WINDOWS\q629475_disk.dll - HJT may already have deleted it.

Then restart in normal mode and post a new log

ace22 Beginner
15 December 2005 - 20:10 #6
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Documents and Settings\Vivian\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PmProxy] C:\Programmer\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Programmer\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [qfdsyl] rundll32 C:\WINDOWS\System32\qfdsyl.dll,Init 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Programmer\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\Sptisrv.exe
halvamatoer (Beginner)
15 December 2005 - 20:20 #7
My mistake, I forgot one:

O4 - HKLM\..\Run: [qfdsyl] rundll32 C:\WINDOWS\System32\qfdsyl.dll,Init 1

and because of it you automatically get these back again:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone

Fix them + new log.
ace22 (Beginner)
15 December 2005 - 20:24 #8
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Documents and Settings\Vivian\Skrivebord\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmer\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PmProxy] C:\Programmer\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Programmer\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Programmer\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\Sptisrv.exe
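Added example, not part of the original thread and not HijackThis's own code: a Python sketch that parses HijackThis entry lines, flags the two patterns discussed in posts #7 and #8 (a `rundll32` autorun under O4 and O15 ProtocolDefaults zone mismatches), and diffs two scans to confirm what a fix actually removed. The sample scans are constructed from lines quoted in this thread; the function names `parse`, `review` and `diff` are hypothetical.

```python
import re

# Constructed sample input: entry lines copied from the two scans in this thread
# (before and after the qfdsyl Run entry was fixed).
SCAN_BEFORE = r"""
O4 - HKLM\..\Run: [TouchED] C:\Programmer\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [qfdsyl] rundll32 C:\WINDOWS\System32\qfdsyl.dll,Init 1
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
"""
SCAN_AFTER = r"""
O4 - HKLM\..\Run: [TouchED] C:\Programmer\TOSHIBA\TouchED\TouchED.Exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[([^\]]*)\] (.*)$")
ZONE = re.compile(r"^ProtocolDefaults: '([^']+)' protocol is in (.+? Zone), should be (.+? Zone)$")

def parse(log):
    """Return (section code, body) for every HijackThis entry line; skip the rest."""
    matches = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [(m[1], m[2]) for m in matches if m]

def review(log):
    """Flag O4 autoruns started via rundll32 and O15 zone mismatches.
    These are cues for manual review, not a verdict on the entry."""
    findings = []
    for code, body in parse(log):
        run = RUN.match(body) if code == "O4" else None
        zone = ZONE.match(body) if code == "O15" else None
        if run and run[2].lower().startswith("rundll32"):
            findings.append(("autorun-rundll32", run[1], run[2]))
        if zone and zone[2] != zone[3]:
            findings.append(("zone-mismatch", zone[1], f"{zone[2]} -> {zone[3]}"))
    return findings

def diff(before, after):
    """Compare two scans: which entries were removed, which persist, which are new."""
    b, a = set(parse(before)), set(parse(after))
    return {"removed": sorted(b - a), "persisting": sorted(b & a), "new": sorted(a - b)}

if __name__ == "__main__":
    for finding in review(SCAN_BEFORE):
        print(finding)
    print(diff(SCAN_BEFORE, SCAN_AFTER))
```

On the constructed scans the diff shows the qfdsyl Run entry removed while the O15 entries persist, which matches the second log in the thread.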
halvamatoer (Beginner)
15 December 2005 - 20:37 #9
Forgot one more:

R3 - Default URLSearchHook is missing

Fix that one - but now it unfortunately gets a bit advanced if we are to get rid of O15.

Choose Run and type regedit
We are now going into the registry, and here you can do some real damage, so don't do anything if you are in doubt.

Find the key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults

You just browse down, as in the normal Windows structure (Explorer).
When you have selected it, I would like to know what is shown in the right-hand side of the window.
It should show the same as the following:
http://www.dslreports.com/forum/remark,13372949
About halfway down the page there is a picture; compare with that.
ace22 (Beginner)
15 December 2005 - 20:41 #10
That R3 - Default URLSearchHook is missing comes back straight away when I delete it from HijackThis.
ace22 (Beginner)
15 December 2005 - 20:44 #11
After CurrentVersion there is nothing called Internet Settings.
halvamatoer (Beginner)
15 December 2005 - 21:10 #12
OK, you no longer have any viruses or the like.
But your Explorer still has errors. I have a feeling that you still cannot get into Windows Update and the like.

Follow the link below for a possible reinstallation of Explorer

http://www.hcma.dk/tips51to60.htm#no55

Then I think we are just about there.
ace22 (Beginner)
15 December 2005 - 21:49 #13
I still cannot update Microsoft; it writes this:

Change the security settings in Internet Explorer
To save changes to the settings for this site, you need to enable userdata persistence in Internet Explorer. Follow the steps below, then click Change settings on the left and try to save your changes again.
On the Tools menu in Internet Explorer, click Internet Options.
Click the Security tab, click the Internet security zone icon, and then click Custom Level.
In the Settings dialog box, scroll to the Miscellaneous area.
Under Userdata persistence, select Enable.
Click OK, and click Yes when a security warning dialog box appears.

But every time I tick Enable under user data, it changes itself back to medium security again.
15 December 2005 - 21:59 #14
<halvamatoer>: GoSub -> http://exp.dk/spm/672546
halvamatoer (Beginner)
15 December 2005 - 22:06 #15
<dr1> just came from there :-)
Do you have any suggestions for this one - there are no more viruses on it?

ace22 -> How much of the link did you try?
ace22 (Beginner)
15 December 2005 - 22:19 #16
Try this first:

Download this file from here
http://packetstormsecurity.org/Win/IEreg.zip
or
http://www.fbeej.dk/Programmer/iereg.zip
Unpack it and run the unpacked file. Restart and see whether it has helped. (They register/recreate/restore/repair *.dll in IE)

Maybe that is enough

Or:
http://windowsxp.mvps.org/utils/IEFix.zip

which uses ie.inf to repair IE. It also requires that you have your Windows CD in the machine.

Or:
1: Click Start - Run, type: Regedit and click OK.

2: Now navigate to here:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Active Setup \ Installed Components \ {89820200-ECBD-11cf-8B85-00AA005B4383}.
Be careful, because there are 2 that are almost identical.

Right-click the string named IsInstalled and change the value from 1 to 0.

3: Close Regedit with the X and restart.

I am off to bed now, have to get up early tomorrow, then I will have a look at that... thanks for the help, I will probably write tomorrow.
halvamatoer (Beginner)
15 December 2005 - 22:28 #17
Good night
ace22 (Beginner)
16 December 2005 - 20:56 #18
Hi again
The computer is back on top again :) It was her crappy firewall that would not let Windows update, so now it has been deleted for good :)

Thanks for the help

Merry Christmas and have a good weekend

Best regards, Andreas