CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede mikkelea Nybegynder
30. januar 2006 - 20:56 Der er 2 kommentarer og
2 løsninger

Hijack this og ewido log

Har vist noget winfixer-snavs inde på min pc. Vedlægger her en log fra ewido og en fra hijack this. På forhånd tak:

Logfile of HijackThis v1.99.1
Scan saved at 20:30:57, on 30-01-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Norton Internet Security\ISSVC.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Documents and Settings\Mikkel\Skrivebord\Rod\Ewido\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\Mikkel\Skrivebord\Rod\Ewido\ewido anti-malware\ewidoguard.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmer\Intel\Wireless\Bin\OProtSvc.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Apps\Powercinema\PCMService.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EOUWiz.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Mikkel\Skrivebord\Rod\Hijack This\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://auth.iot.dk/iot/index.jsp?service=https%3a%2f%2fwww.campusnet.iot.dk%2fcnnet%2flink%2fnag.aspx%3fNagVersion%3dYes
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\dan.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\awvwx.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\DOCUME~1\Mikkel\SKRIVE~1\Rod\STARDO~1\SDIEInt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Genvej til egenskabsside for High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Programmer\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google-søgning - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Oversæt engelsk ord - res://C:\Programmer\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with Star Downloader - C:\Documents and Settings\Mikkel\Skrivebord\Rod\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lignende sider - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Tilbage via links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Øjebliksbillede af side i cache - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: awvwx - C:\WINDOWS\system32\awvwx.dll
O20 - Winlogon Notify: IntelWireless - C:\Programmer\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Mikkel\Skrivebord\Rod\Ewido\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Documents and Settings\Mikkel\Skrivebord\Rod\Ewido\ewido anti-malware\ewidoguard.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programmer\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe


---------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------

+ Oprettet den:            20:27:06, 30-01-2006
+ Rapport-Checksum:        72FB8CC0

+ Scanningsresultat:
    HKLM\SOFTWARE\Classes\CLSID\{5AA06644-BC46-4220-A460-47A6EB47C96D} -> Spyware.NavExcel : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} -> Spyware.NavExcel : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{D80C4E21-C346-4E21-8E64-20746AA20AEB} -> Spyware.NavExcel : Renset med backup
    HKLM\SOFTWARE\Classes\Interface\{20F36AF3-3486-4BB6-8BCB-F1F8ABE74D07} -> Spyware.NavExcel : Renset med backup
    HKLM\SOFTWARE\Classes\Interface\{4D6CED50-D6AE-40DA-B87F-235593FC1F28} -> Spyware.NavExcel : Renset med backup
    HKLM\SOFTWARE\Classes\NavExcel.NavHelper -> Spyware.NavExcel : Renset med backup
    HKLM\SOFTWARE\Classes\NavExcel.NavHelper\CLSID -> Spyware.NavExcel : Renset med backup
    HKLM\SOFTWARE\Classes\NavExcel.NavHelper\CurVer -> Spyware.NavExcel : Renset med backup
    HKLM\SOFTWARE\Classes\NavExcel.NavHelper.1 -> Spyware.NavExcel : Renset med backup
    HKLM\SOFTWARE\Classes\TypeLib\{209B1CEA-8B2E-4596-9B35-A4A7DB611EB2} -> Spyware.NavExcel : Renset med backup
    HKLM\SOFTWARE\Classes\TypeLib\{FA4DE133-D3C3-4ED4-92D1-CD4DDE839AB3} -> Spyware.NavExcel : Renset med backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{5AA06644-BC46-4220-A460-47A6EB47C96D} -> Spyware.NavExcel : Renset med backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} -> Spyware.NavExcel : Renset med backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D80C4E21-C346-4E21-8E64-20746AA20AEB} -> Spyware.NavExcel : Renset med backup
    HKLM\SOFTWARE\NavExcel -> Spyware.NavExcel : Renset med backup
    HKLM\SOFTWARE\NavExcel\NavHelper -> Spyware.NavExcel : Renset med backup
    HKLM\SOFTWARE\NavExcel\NavHelper\v2.0.4a -> Spyware.NavExcel : Renset med backup
    [208] C:\WINDOWS\system32\awvwx.dll -> Adware.Virtumonde : Renset med backup
    [832] C:\WINDOWS\system32\awvwx.dll -> Adware.Virtumonde : Renset med backup
    C:\WINDOWS\system32\cbaxu.dll -> Downloader.ConHook.w : Renset med backup


::Rapport slut
Avatar billede ejvindh Ekspert
30. januar 2006 - 21:11 #1
Jeg checker den lige :-)
Avatar billede ejvindh Ekspert
30. januar 2006 - 21:16 #2
Hent dette program, og gem det på skrivebordet.
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Luk alle kørende programmer, også Internetvinduer, dobbeltklik på VirtumundoBeGone.exe på skrivebordet, læs intro-informationen, klik så på Continue, klik på Start.
Når den spørger om du vil fortsætte, klik på Yes for at køre fixet.
Klik så på Save log.

Det sker sommetider at fixet afslutter med "BSOD"(blå skærm og frosset PC) så skal du bare genstarte på Resetknappen.

Der kommer en tekstfil på dit skrivebord der hedder VBG.TXT åbn den og kopier teksten herind, sammen med en frisk Hijackthislog.
Avatar billede mikkelea Nybegynder
31. januar 2006 - 17:20 #3
Ok... nu ser det sådan her ud:

Logfile of HijackThis v1.99.1
Scan saved at 17:18:44, on 31-01-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Norton Internet Security\ISSVC.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Documents and Settings\Mikkel\Skrivebord\Rod\Ewido\ewido anti-malware\ewidoctrl.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Documents and Settings\Mikkel\Skrivebord\Rod\Ewido\ewido anti-malware\ewidoguard.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmer\Intel\Wireless\Bin\OProtSvc.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\svchost.exe
C:\Apps\Powercinema\PCMService.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\Intel\Wireless\Bin\EOUWiz.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Mikkel\Skrivebord\Rod\Hijack This\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://auth.iot.dk/iot/index.jsp?service=https%3a%2f%2fwww.campusnet.iot.dk%2fcnnet%2flink%2fnag.aspx%3fNagVersion%3dYes
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\dan.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\DOCUME~1\Mikkel\SKRIVE~1\Rod\STARDO~1\SDIEInt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Genvej til egenskabsside for High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Programmer\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google-søgning - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Oversæt engelsk ord - res://C:\Programmer\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with Star Downloader - C:\Documents and Settings\Mikkel\Skrivebord\Rod\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lignende sider - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Tilbage via links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Øjebliksbillede af side i cache - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: IntelWireless - C:\Programmer\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Mikkel\Skrivebord\Rod\Ewido\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Documents and Settings\Mikkel\Skrivebord\Rod\Ewido\ewido anti-malware\ewidoguard.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programmer\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe


og sådan her:

[01/31/2006, 17:14:33] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Mikkel\Skrivebord\VirtumundoBeGone.exe" )
[01/31/2006, 17:14:42] - Detected System Information:
[01/31/2006, 17:14:42] -  Windows Version: 5.1.2600, Service Pack 2
[01/31/2006, 17:14:42] -  Current Username: Mikkel (Admin)
[01/31/2006, 17:14:42] -  Windows is in NORMAL mode.
[01/31/2006, 17:14:42] - Searching for Browser Helper Objects:
[01/31/2006, 17:14:42] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/31/2006, 17:14:42] -  BHO 2: {4A368E80-174F-4872-96B5-0B27DDD11DB2} (SpywareGuardDLBLOCK.CBrowserHelper)
[01/31/2006, 17:14:42] -  BHO 3: {93C6313C-9DB4-4694-8BD0-E378C573A9AD} (ATLDistrib Object)
[01/31/2006, 17:14:42] - ALERT: Found ATLDistrib Object!
[01/31/2006, 17:14:42] -  BHO 4: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[01/31/2006, 17:14:42] -  BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/31/2006, 17:14:42] -  BHO 6: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[01/31/2006, 17:14:42] -  BHO 7: {FFFFFEF0-5B30-21D4-945D-000000000000} ()
[01/31/2006, 17:14:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/31/2006, 17:14:43] -  Checking for HKLM\...\Winlogon\Notify\SDIEInt
[01/31/2006, 17:14:43] -  Key not found: HKLM\...\Winlogon\Notify\SDIEInt, continuing.
[01/31/2006, 17:14:43] - Finished Searching Browser Helper Objects
[01/31/2006, 17:14:43] - *** Detected ATLDistrib Object
[01/31/2006, 17:14:43] - Trying to remove ATLDistrib Object...
[01/31/2006, 17:14:44] -    Terminating Process: IEXPLORE.EXE
[01/31/2006, 17:14:44] -    Terminating Process: RUNDLL32.EXE
[01/31/2006, 17:14:44] -    Disabling Automatic Shell Restart
[01/31/2006, 17:14:44] -    Terminating Process: EXPLORER.EXE
[01/31/2006, 17:14:45] -    Suspending the NT Session Manager System Service
[01/31/2006, 17:14:45] -    Terminating Windows NT Logon/Logoff Manager
[01/31/2006, 17:14:45] -    Re-enabling Automatic Shell Restart
[01/31/2006, 17:14:45] -  File to disable: C:\WINDOWS\system32\awvwx.dll
[01/31/2006, 17:14:45] -  Renaming C:\WINDOWS\system32\awvwx.dll -> C:\WINDOWS\system32\awvwx.dll.vir
[01/31/2006, 17:14:45] -  File successfully renamed!
[01/31/2006, 17:14:45] -  Removing HKLM\...\Browser Helper Objects\{93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[01/31/2006, 17:14:45] -  Removing HKCR\CLSID\{93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[01/31/2006, 17:14:45] -  Adding Kill Bit for ActiveX for GUID: {93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[01/31/2006, 17:14:45] -  Deleting ATLEvents/MSEvents Registry entries
[01/31/2006, 17:14:45] -  Removing HKLM\...\Winlogon\Notify\awvwx
[01/31/2006, 17:14:45] - Searching for Browser Helper Objects:
[01/31/2006, 17:14:45] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/31/2006, 17:14:45] -  BHO 2: {4A368E80-174F-4872-96B5-0B27DDD11DB2} (SpywareGuardDLBLOCK.CBrowserHelper)
[01/31/2006, 17:14:45] -  BHO 3: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[01/31/2006, 17:14:45] -  BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/31/2006, 17:14:45] -  BHO 5: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[01/31/2006, 17:14:45] -  BHO 6: {FFFFFEF0-5B30-21D4-945D-000000000000} ()
[01/31/2006, 17:14:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/31/2006, 17:14:45] -  Checking for HKLM\...\Winlogon\Notify\SDIEInt
[01/31/2006, 17:14:45] -  Key not found: HKLM\...\Winlogon\Notify\SDIEInt, continuing.
[01/31/2006, 17:14:45] - Finished Searching Browser Helper Objects
[01/31/2006, 17:14:46] - Finishing up...
[01/31/2006, 17:14:46] - A restart is needed.
[01/31/2006, 17:14:46] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[01/31/2006, 17:14:58] - Attempting to Restart via STOP error (Blue Screen!)
Avatar billede ejvindh Ekspert
31. januar 2006 - 19:37 #4
Det ser meget bedre ud. Du kan lige fixe denne linie:
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

...så er loggen ren. Kører computeren bedre nu?

For at gøre arbejdet helt færdig:
Det kan være en god ide og rydde op i systemgendannelses filerne. Deaktiver systemgendannelse (http://www.spywarefri.dk/virusscannere.htm#alle) - genstart din computer - aktiver systemgendannelse.
Og så kan det også være en god ide at skjule dine systemfiler og -mapper igen, så du ikke ved en fejl kommer til at slette en vigtig fil. Det gør du samme sted, hvor du satte det til at vise alle filer, denne gang vælger du bare: Vis ikke skjulte filer og mapper.

Det kan også være en god ide at få renset ud i dine midlertidige filer. Det kan gøres på en hurtig og nem måde med denne fil
www.spywareinfo.dk/download/cleantempxp2k.bat
---------------------------

For at forhindre gentagelser, vil jeg anbefale dig at lægge nogle små programmer ind, som forhindrer spyware i at komme ind i første omgang. Du finder links og gode råd her:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

Jeg vil også foreslå, at du læser denne artikel om hvordan du kan undgå at blive inficeret i fremtiden:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus 21 22/06/202419:22 23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus 23 07/05/202421:02 13/05/202419:48
trusler Af gerhardpet i Virus 4 26/01/202410:02 27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus 16 09/01/202416:37 10/01/202419:59
virusscanning Af JetteD i Virus 2 10/11/202312:55 10/11/202316:36
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I dag 12:16 Loop ved tilgang af Facebook Af andershl i Browsere
I går 21:44 Kan jeg få Google til at søge "Engelsk" eller "Tysk" eller "Svensk". Af Ikke-ekspert i Browsere
I går 20:42 Hvilken form for backup system kan i anbefale? Af www.jimlyngvild.com i Cloudtjenester
I går 15:15 Rapport koder placeret i moduler Af per2edb i Access
I går 14:09 Computer vil ikke starte Windows Af sirkejser i Windows
White papers
Flere white papers »


Premium
Teaser billede
Microsoft tvangsopdaterer en hel stribe Windows-pc’er
Læs mere »
På blot fire år har Anne og Jacob skabt Danmarks dygtigste it-konsulenthus: "Netværk har været afgørende for vores succes"
Efter 193 dage i politiets varetægt er manden bag Netcompany-læk nu løsladt: "Min klient er naturligvis rigtig glad"
Flere år forsinket: Nu buldrer prisen for stort it-system til politiet i vejret - stiger med 22 procent
Se alle »
Computerworld
Teaser billede
Om lidt går det løs: Så banebrydende bliver iPhone 16
Læs mere »
iPhone 16 og 16 Pro slippes løs: Her er de to afgørende nyheder
Nu kommer en af bilbranchens største software-opdateringer nogensinde
Apple ændrer grundlæggende på den måde, som din iPhone skal opdateres på
Se alle »
CIO
Teaser billede
Nu kommer næste store version af Copilot
Læs mere »
Syv vigtige teknologier, som alle CIO'er bør forholde sig til - kommer til at sætte dagsordenen
Microsoft vil have flere kunder ind i folden: Åbner for verdensomspændende rabat på Copilot M365
Microsoft har fundet 79 sårbarheder i Windows – du bør opdatere straks
Se alle »
Job & Karriere
Teaser billede
Pludselig exit fra Schultz kom som en overraskelse for Merete Søby: Derfor stoppede samarbejdet
Læs mere »
Merete Søby fratræder med omgående virkning som CEO for Schultz efter blot tre måneder på posten
Professor: "Det er på høje tid at opløse virksomhedernes it-afdelinger"
KMD-direktør forlader selskabet: Det skal hun nu
Se alle »
White paper
Teaser billede
MDR: Transparent sikkerhed og overvågning i realtid
Læs mere »
Cyberstatus 2024: Her er truslerne – og her forbereder virksomhederne sig
Guide: Sådan udvikler du en moderne netværksstrategi
Sådan får du overblik og beskytter dine cloudapplikationer
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »