eyelessdk Beginner
30 April 2006 - 16:02 There are 16 comments and 1 solution

Hijackthis log

Would anyone mind checking my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 15:55:47, on 30-04-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\antispyware\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\avast\aswUpdSv.exe
C:\avast\ashServ.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\avast\ashMaiSv.exe
C:\avast\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Panicware\Pop-Up Stopper\dpps2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Programmer\HP\HP Software Update\HPWuSchd.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Java\jre1.5.0_05\bin\jusched.exe
C:\avast\ashDisp.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\outlook\outlook.exe
C:\WINDOWS\system32\winlog.exe
C:\Programmer\Messenger\msmsgs.exe
C:\PROGRA~1\aim\aim.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\HP\Digital Imaging\bin\hpohmr08.exe
C:\Programmer\HP\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\antispyware\SpywareGuard\sgmain.exe
C:\Programmer\antispyware\SpywareGuard\sgbhp.exe
C:\Programmer\HP\Digital Imaging\bin\hpoevm08.exe
C:\Programmer\HP\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmer\LimeWire\LimeWire.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Programmer\Winamp\Winamp.exe
C:\Programmer\audio city\audacity.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\hijack\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\antispyware\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\ANTISP~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Programmer\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\ANTISP~1\smc.exe -startgui
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Programmer\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\avast\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnappm.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard10.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad10.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname10.exe
O4 - HKLM\..\Run: [outlook] C:\Programmer\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Programmer\IDA\ida.exe -autorun
O4 - Startup: SpywareGuard.lnk = C:\Programmer\antispyware\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinDVD 4.lnk = C:\Programmer\InterVideo\WinDVD4\WinDVD.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\aim\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/3138352D2D2D.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095758907263
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\avast\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\antispyware\smc.exe
arlet Junior Master
30 April 2006 - 16:24 #1
looking at it
eyelessdk Beginner
30 April 2006 - 16:26 #2
cool
arlet Junior Master
30 April 2006 - 16:28 #3
Then we need to put a scanner to work..

Download and install this scanner:
http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Start the program, click Check for updates; when it has updated, close the program and restart in safe mode (you need to press the F8 key during the restart (roughly right after the RAM has been counted), and then choose safe mode. If you are in doubt, just press F8 several times.)

Start the program, click Scan your Computer, tick the drives to be scanned.
(Fixed disk means hard disk)
Move the dot to Perform complete scan and click Næste (Next), then the scan runs.

When it is finished, a window with a summary appears; click OK, then click Næste (Next) and then Udfør (Finish).

A window appears with Quarantine and removal Complete; click OK, click Udfør (Finish).
Close the program.

Start SUPERAntiSpyware again, click Preferences, switch to the Statistics/Logs tab; in the window, double-click SUPERAntiSpyware Scan Log, it opens in Notepad, copy the result in here.

Restart normally and a new HijackThis log
fromsej Intern
30 April 2006 - 16:35 #4
Arlet >> If SAS doesn't take care of it, I have a trick up my sleeve. *S*
arlet Junior Master
30 April 2006 - 16:49 #5
It has handled it before, so I hope it does so again too *S*
eyelessdk Beginner
30 April 2006 - 22:19 #6
ok sorry it took so long, it fucked up a bit:

superantispy:
SUPERAntiSpyware Scan Log
Generated 04/30/2006 at 10:07 PM

Core Rules Database Version : 2905
Trace Rules Database Version: 1038

Memory threats detected  : 0
Registry threats detected : 0
File threats detected    : 1

Trojan.Unknown Origin
    C:\System Volume Information\_restore{29619951-8A0D-4A84-9B20-5B4F925DF7FB}\RP344\A0083741.exe

Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 22:19:22, on 30-04-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\antispyware\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmer\Panicware\Pop-Up Stopper\dpps2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Programmer\HP\HP Software Update\HPWuSchd.exe
C:\Programmer\Java\jre1.5.0_05\bin\jusched.exe
C:\avast\ashDisp.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\outlook\outlook.exe
C:\Programmer\Messenger\msmsgs.exe
C:\PROGRA~1\aim\aim.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\avast\aswUpdSv.exe
C:\avast\ashServ.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmer\HP\Digital Imaging\bin\hpohmr08.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\HP\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\winlog.exe
C:\Programmer\antispyware\SpywareGuard\sgmain.exe
C:\Programmer\antispyware\SpywareGuard\sgbhp.exe
C:\Programmer\HP\Digital Imaging\bin\hpoevm08.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\avast\ashMaiSv.exe
C:\avast\ashWebSv.exe
C:\Programmer\HP\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\LimeWire\LimeWire.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmer\hijack\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\antispyware\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\ANTISP~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Programmer\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\ANTISP~1\smc.exe -startgui
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Programmer\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\avast\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnappm.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard10.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad10.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname10.exe
O4 - HKLM\..\Run: [outlook] C:\Programmer\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Programmer\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\antispyware\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinDVD 4.lnk = C:\Programmer\InterVideo\WinDVD4\WinDVD.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\aim\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095758907263
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\avast\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\antispyware\smc.exe
eyelessdk Beginner
30 April 2006 - 22:23 #7
by the way, I accidentally ran two SUPERAntiSpyware checks; here is the first log

SUPERAntiSpyware Scan Log
Generated 04/30/2006 at 05:26 PM

Core Rules Database Version : 2905
Trace Rules Database Version: 1038

Memory threats detected  : 0
Registry threats detected : 23
File threats detected    : 114

Trojan.WinLog/System
    [winlog] C:\WINDOWS\system32\winlog.exe
    C:\WINDOWS\system32\winlog.exe
    [winlog] C:\WINDOWS\system32\winlog.exe
    C:\WINDOWS\Prefetch\WINLOG.EXE-38E2F254.pf

Unclassified.Unknown Origin
    HKLM\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
    HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
    HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
    HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32
    HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32#ThreadingModel
    HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\KeyPhrasesFileName
    HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\ProgID
    HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\VersionIndependentProgID
    C:\PROGRA~1\RXTOOL~1\sfcont.dll

Trojan.ZQuest
    HKLM\Software\Classes\CLSID\{6001CDF7-6F45-471b-A203-0225615E35A7}
    HKCR\CLSID\{6001CDF7-6F45-471b-A203-0225615E35A7}
    HKCR\CLSID\{6001CDF7-6F45-471b-A203-0225615E35A7}
    HKCR\CLSID\{6001CDF7-6F45-471b-A203-0225615E35A7}\InProcServer32
    HKCR\CLSID\{6001CDF7-6F45-471b-A203-0225615E35A7}\InProcServer32#ThreadingModel
    C:\WINDOWS\DH.dll

Adware.Tracking Cookie
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@1072476487[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@tacoda[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@yieldmanager[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@tripod[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@webpower[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@azjmp[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@list[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@belnk[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@site=MYSONGBOOK[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@adopt.euroclick[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@statcounter[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@nextag[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@cs.sexcounter[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@ads.buddypic[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@handbag[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@m1.webstats4u[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@hypertracker[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@image.masterstats[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@82743606[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@e2.emediate[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@bs.serving-sys[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@2.go.globaladsales[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@1071108430[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@www.xxxpower[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@ad.ofir[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@banner[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@ad.yieldmanager[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@realmedia[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@ads.pitchforkmedia[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@dist.belnk[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@burstnet[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@track.adform[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@stats.liutilities[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@adserver[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@ads.i-am-bored[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@stat.onestat[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@smileycentral[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@ad[3].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@indextools[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@www.banner-farm[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@partypoker[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@revenue[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@ad.adition[3].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@ads.lycos-europe[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@server.iad.liveperson[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@xiti[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@adopt.hbmediapro[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@xxxpower[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@1071891342[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@hentaicounter[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@adopt.specificclick[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@revsci[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@hurricanedigitalmedia[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@tracker.krudtting[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@optimost[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@adserver.banneradministration[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@yadro[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@ifriends[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@ads.cnn[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@mb[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@www.popupsandbanners[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@stat.postdanmark[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@click.porngurus[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@ads.contactmusic[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@adserv.muchosucko[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@apmebf[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@ads.realcastmedia[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@flashstat.jubii[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@adultfriendfinder[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@ads2.drivelinemedia[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@popularscreensavers[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@www.counterdienst[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@atwola[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@interclick[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@ad1.emediate[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@getlippy[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@ads.realtechnetwork[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@serving-sys[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@clicksor[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@1069602872[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@1068811216[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@crbanner.casinopays[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@7372395[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@banner.cdpoker[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@www.cibleclick[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@st[4].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@cgi-bin[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@www.teenhornysex[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@ads2.jubii[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@toppro[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@www.xxx69[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@ads.gameworldnetwork[2].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@1071699682[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@ad.adition[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@globalstat[1].txt
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@burstnet[2].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\poul ottesen@atwola[1].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\poul ottesen@soundclick[1].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\poul ottesen@www.burstbeacon[2].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\poul ottesen@www.dgm2[1].txt

Adware.WhenU
    C:\Documents and Settings\Poul Ottesen\Menuen Start\Programmer\WhenU\Learn More About Save!.url
    C:\Documents and Settings\Poul Ottesen\Menuen Start\Programmer\WhenU\Learn More About SaveNow.url
    C:\Documents and Settings\Poul Ottesen\Menuen Start\Programmer\WhenU\WhenU.com Website.url
    C:\Documents and Settings\Poul Ottesen\Menuen Start\Programmer\WhenU

Trojan.Unknown Origin
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}#SystemComponent
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}#Installer
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\Contains
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\DownloadInformation
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\DownloadInformation#CODEBASE
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\InstalledVersion
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\InstalledVersion#LastModified
    C:\sk02.exe
    C:\WINDOWS\teller2.chk

Trojan.SmartLoad
    C:\drsmartload1.exe

Trojan.WinSysBan
    C:\System Volume Information\_restore{29619951-8A0D-4A84-9B20-5B4F925DF7FB}\RP332\A0081244.exe
    C:\System Volume Information\_restore{29619951-8A0D-4A84-9B20-5B4F925DF7FB}\RP333\A0081340.exe

Trojan.GimmySmilies
    C:\System Volume Information\_restore{29619951-8A0D-4A84-9B20-5B4F925DF7FB}\RP333\A0081339.exe
fromsej Intern
30 April 2006 - 22:26 #8
Hmm, it took a lot, but not what I was specifically looking at.
So it's time to shake the sleeve. *S* (If that doesn't help either, it's manual)

-- Download Ewido from here (14-day version of the plus version)
http://www.spywarefri.dk/downloads1/ewido-setup.exe
Install and update the program. Hold off on scanning.

-- Download Brute Force Uninstaller and unpack it to its own folder (c:\BFU):
http://www.merijn.org/files/bfu.zip

-- Right-click the following link and choose "Gem som" (Save as) to download Alcan Remover. Save it in the same folder where you saved Brute Force Uninstaller (c:\BFU):
http://metallica.geekstogo.com/alcanshorty.bfu

-- Restart in safe mode; if you don't know how, look here:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Click "Min computer" (My Computer) and navigate to the c:\BFU folder. Double-click BFU.exe. In the window that now appears, copy/paste this line in:
c:\bfu\alcanshorty.bfu

Then click "execute" and let the program do its work. Wait and let it do its job. When the script has finished, click OK and then EXIT.

-- Run a full scan with Ewido and allow the program to fix the things it finds. The program produces a small log, which you should copy in here.

-- Restart and post a fresh HijackThis log here, together with the log from Ewido.
fromsej Intern
30 April 2006 - 22:27 #9
For those interested, these are the ones I'm thinking of:
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard10.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad10.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname10.exe
eyelessdk Beginner
30 April 2006 - 22:44 #10
Working on it
eyelessdk Beginner
01 May 2006 - 00:23 #11
---------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------

+ Oprettet den:            00:14:07, 01-05-2006
+ Rapport-Checksum:        BCAF65ED

+ Scanningsresultat:
    :mozilla.32:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.33:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.34:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.35:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.36:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.37:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.38:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.39:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.40:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.41:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.42:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.43:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.44:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.45:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.46:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.47:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.48:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.49:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.50:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.51:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.60:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Web-stat : Renset med backup
    :mozilla.61:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Web-stat : Renset med backup
    :mozilla.62:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Web-stat : Renset med backup
    :mozilla.78:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Googleadservices : Renset med backup
    :mozilla.82:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Googleadservices : Renset med backup
    :mozilla.84:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Googleadservices : Renset med backup
    :mozilla.92:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Googleadservices : Renset med backup
    :mozilla.93:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Googleadservices : Renset med backup
    :mozilla.100:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.101:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.102:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.103:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.104:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.105:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.106:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.107:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.108:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.109:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.110:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.111:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.112:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.113:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.114:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.115:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.116:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.125:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Com : Renset med backup
    :mozilla.163:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.164:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.165:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.166:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.167:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.168:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.169:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.170:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.171:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.172:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.176:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.177:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.178:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.179:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.180:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.181:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.182:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.183:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.188:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.207:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Tacoda : Renset med backup
    :mozilla.208:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Tacoda : Renset med backup
    :mozilla.252:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.296:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Burstnet : Renset med backup
    :mozilla.297:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Burstnet : Renset med backup
    :mozilla.328:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Serving-sys : Renset med backup
    :mozilla.329:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Serving-sys : Renset med backup
    :mozilla.330:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Serving-sys : Renset med backup
    :mozilla.331:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Serving-sys : Renset med backup
    :mozilla.351:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Adition : Renset med backup
    :mozilla.352:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Adition : Renset med backup
    :mozilla.355:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Sitestat : Renset med backup
    :mozilla.356:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Sitestat : Renset med backup
    :mozilla.388:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Clickbank : Renset med backup
    :mozilla.389:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Googleadservices : Renset med backup
    :mozilla.392:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Googleadservices : Renset med backup
    :mozilla.412:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.413:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.414:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.415:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.416:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.417:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.418:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.419:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.531:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Zedo : Renset med backup
    :mozilla.532:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Zedo : Renset med backup
    :mozilla.554:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Onestat : Renset med backup
    :mozilla.555:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Onestat : Renset med backup
    :mozilla.578:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Liveperson : Renset med backup
    :mozilla.579:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Liveperson : Renset med backup
    :mozilla.648:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Doubleclick : Renset med backup
    :mozilla.649:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.650:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.651:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.652:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.653:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Fastclick : Renset med backup
    :mozilla.654:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Advertising : Renset med backup
    :mozilla.655:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Advertising : Renset med backup
    :mozilla.656:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Advertising : Renset med backup
    :mozilla.657:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Advertising : Renset med backup
    :mozilla.658:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Valueclick : Renset med backup
    :mozilla.659:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Masterstats : Renset med backup
    :mozilla.660:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Clickzs : Renset med backup
    :mozilla.661:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Clickzs : Renset med backup
    :mozilla.662:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Adtech : Renset med backup
    :mozilla.663:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Adtech : Renset med backup
    :mozilla.672:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Mediaplex : Renset med backup
    :mozilla.679:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Atdmt : Renset med backup
    :mozilla.680:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Tribalfusion : Renset med backup
    :mozilla.742:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Yadro : Renset med backup
    :mozilla.743:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Yadro : Renset med backup
    :mozilla.773:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Hypertracker : Renset med backup
    :mozilla.816:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Sitestat : Renset med backup
    :mozilla.817:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Sitestat : Renset med backup
    :mozilla.831:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Specificclick : Renset med backup
    :mozilla.832:C:\Documents and Settings\Poul Ottesen\Application Data\Mozilla\Firefox\Profiles\ndi4xlto.default\cookies.txt -> TrackingCookie.Adrevolver : Renset med backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@casalemedia[1].txt -> TrackingCookie.Casalemedia : Renset med backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@com[2].txt -> TrackingCookie.Com : Renset med backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@count.xhit[2].txt -> TrackingCookie.Xhit : Renset med backup
    C:\Documents and Settings\Poul Ottesen\Lokale indstillinger\Temporary Internet Files\Content.IE5\GTAJGXMJ\new[1].htm -> Not-A-Virus.Constructor.Perl.Msdds.b : Renset med backup
    C:\Documents and Settings\Poul Ottesen\Lokale indstillinger\Temporary Internet Files\Content.IE5\K1MFKDYR\new2[1].htm -> Not-A-Virus.Exploit.JS.CVE20061359.b : Renset med backup
    C:\Programmer\hijack\backups\backup-20060106-151107-942.dll -> Adware.RXBar : Renset med backup
    C:\Programmer\Ny mappe (2)\RiskIISetup-dm.exe -> Adware.Trymedia : Renset med backup
    C:\Programmer\outlook\p.zip/Setup.exe -> Worm.VB.dw : Renset med backup
    C:\Programmer\outlook\v.tmp -> Worm.VB.dw : Renset med backup
    C:\System Volume Information\_restore{29619951-8A0D-4A84-9B20-5B4F925DF7FB}\RP344\A0083740.exe -> Backdoor.Rbot : Renset med backup
    C:\System Volume Information\_restore{29619951-8A0D-4A84-9B20-5B4F925DF7FB}\RP344\A0083742.exe -> Downloader.Adload.ap : Renset med backup
    C:\System Volume Information\_restore{29619951-8A0D-4A84-9B20-5B4F925DF7FB}\RP344\A0083763.exe -> Worm.VB.dw : Renset med backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\poul ottesen@casalemedia[1].txt -> TrackingCookie.Casalemedia : Renset med backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\poul ottesen@euniverseads[1].txt -> TrackingCookie.Euniverseads : Renset med backup
    C:\WINDOWS\system32\winlog.exe -> Backdoor.Rbot : Renset med backup


::Rapport slut





Logfile of HijackThis v1.99.1
Scan saved at 00:22:36, on 01-05-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\antispyware\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\avast\aswUpdSv.exe
C:\avast\ashServ.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\Panicware\Pop-Up Stopper\dpps2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Programmer\HP\HP Software Update\HPWuSchd.exe
C:\Programmer\Java\jre1.5.0_05\bin\jusched.exe
C:\avast\ashDisp.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Messenger\msmsgs.exe
C:\PROGRA~1\aim\aim.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\HP\Digital Imaging\bin\hpohmr08.exe
C:\Programmer\HP\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\antispyware\SpywareGuard\sgmain.exe
C:\Programmer\antispyware\SpywareGuard\sgbhp.exe
C:\Programmer\HP\Digital Imaging\bin\hpoevm08.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\avast\ashMaiSv.exe
C:\avast\ashWebSv.exe
C:\Programmer\HP\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmer\hijack\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\antispyware\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\ANTISP~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Programmer\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\ANTISP~1\smc.exe -startgui
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Programmer\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\avast\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnappm.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard10.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad10.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname10.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Programmer\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\antispyware\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinDVD 4.lnk = C:\Programmer\InterVideo\WinDVD4\WinDVD.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\aim\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095758907263
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\avast\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\antispyware\smc.exe
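Added example, not part of the original thread: a small Python triage of the O4 Run entries in the HijackThis log above. It flags autostart targets that sit directly in the Windows directory, a heuristic assumed here for illustration; the function names are also assumptions, and the sample is a constructed subset of lines copied from that log.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Constructed sample: a subset of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\ANTISP~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Programmer\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\ANTISP~1\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Programmer\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnappm.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard10.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad10.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname10.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Programmer\antispyware\SpywareGuard\sgmain.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\aim\aim.exe -cnetwait.odl
"""


class RunEntry(NamedTuple):
    hive: str      # HKLM or HKCU
    key: str       # Run, RunOnce, ...
    name: str      # registry value name shown in [brackets]
    command: str   # command line exactly as logged


# Matches registry autostart lines such as:
#   O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard10.exe
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run[A-Za-z]*): \[([^\]]*)\] (.+)$")


def parse_run_entries(log: str) -> List[RunEntry]:
    """Return the O4 registry Run entries; other sections and Startup-folder items are skipped."""
    entries = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            entries.append(RunEntry(*m.groups()))
    return entries


def executable(command: str) -> Optional[str]:
    """Extract the executable path from a logged command line.

    Quoted paths end at the closing quote. Unquoted paths may contain spaces,
    so they are cut after the first ".exe" rather than at the first space.
    """
    m = re.match(r'^"([^"]+)"', command) or re.match(r"^(.+?\.exe)\b", command, re.I)
    if not m:
        return None
    # normpath collapses the doubled backslash seen in the NeroCheck entry.
    return ntpath.normpath(m.group(1))


def flag_windir_root(log: str, windir: str = r"C:\WINDOWS") -> List[RunEntry]:
    """Flag Run entries whose executable lies directly in the Windows directory.

    Heuristic (an assumption of this example): system binaries started from Run
    keys normally live in System32 or an application folder, so an .exe in the
    Windows directory itself deserves a manual look. A hit is a lead to check,
    not a verdict.
    """
    root = ntpath.normcase(ntpath.normpath(windir))
    flagged = []
    for entry in parse_run_entries(log):
        exe = executable(entry.command)
        if exe and ntpath.normcase(ntpath.dirname(exe)) == root:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in flag_windir_root(SAMPLE_LOG):
        print(f"{e.hive}\\{e.key} [{e.name}] -> {executable(e.command)}")
```
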
fromsej Trainee
01 May 2006 - 08:36 #12
D.mn, well then it will have to be manual work.

Download this scanner and save it to the desktop. Do not run it yet.
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Read this guide through carefully.
http://fromsej.dk/Vejledninger/html/drweb.html
---------------------------------------
Run HijackThis, scan, check the lines listed here, close all windows except HijackThis, click "Fix checked", restart in safe mode (press <F8> during startup), and delete the folders and files listed further down.

O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnappm.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard10.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad10.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname10.exe

---------------------------------------
Deleting \folders\ and files:
Open Windows Explorer, click Tools=>Folder Options=>View.
Untick "Hide protected operating system files".
Untick "Hide extensions for known file types".
Select "Show hidden files and folders".
Using Start->Search.
Click "Change files and folders search behavior"
Select "Advanced" and click OK.
Click "All files and folders"
Click "More advanced options"
Tick the top three.
-------------------
Folders:
<None>
-------------------
Files:
C:\WINDOWS\msnappm.exe
C:\windows\keyboard10.exe
C:\windows\mousepad10.exe
C:\windows\newname10.exe
---------------------------------------
Double-click drweb-cureit.exe; it will want to run an express scan, which you accept.
When it says Done at the bottom left, click Options->Change settings.
Switch to the Scan tab and untick Heuristic analysis.
Switch to the Actions tab; here all items under Malware must be set to Rename.
Then click the drive or drives you want scanned; a red dot appears to show that it/they are selected.

Then click the green arrow over on the right side of the page, and the scan starts.
The first time Dr.Web finds something, click "Yes to All", and it will remove what it finds.
Then click Start->Search, find the file drweb32w.log, and copy the bottom part of the text in here, starting with:
Scan statistics.
---------------------------------------
Restart normally and post a fresh HijackThis log.
eyelessdk (Beginner)
1 May 2006 - 18:19 #13
fromsej (Intern)
1 May 2006 - 18:21 #14
It works fine here.
Try disabling your firewall, then it should work.
eyelessdk (Beginner)
1 May 2006 - 18:37 #15
ok, now it works
eyelessdk (Beginner)
1 May 2006 - 20:50 #16
I couldn't find drweb32w.log, but I went into file->save report list and got this out of it:


SetupPoker.exe\data002;C:\Documents and Settings\Poul Ottesen\SetupPoker.exe;Adware.Casino;;
SetupPoker.exe\data003;C:\Documents and Settings\Poul Ottesen\SetupPoker.exe;Adware.Casino;;
SetupPoker.exe;C:\Documents and Settings\Poul Ottesen;Archive contains infected objects;Moved.;
SetupPoker.exe\data002;C:\Documents and Settings\Poul Ottesen\DoctorWeb\Quarantine\SetupPoker.exe;Adware.Casino;;
SetupPoker.exe\data003;C:\Documents and Settings\Poul Ottesen\DoctorWeb\Quarantine\SetupPoker.exe;Adware.Casino;;
SetupPoker.exe;C:\Documents and Settings\Poul Ottesen\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
Top of Charts - 2005.wma;C:\Documents and Settings\Poul Ottesen\Dokumenter\Musik;Adware.nCase;Renamed.;
mirc.exe;C:\Documents and Settings\Poul Ottesen\Dokumenter\Musik\PunkRockVids4.0\PunkRockVids3.0\#PunkRockVids;Program.mIRC.616;Renamed.;
mirc.exe;C:\Documents and Settings\Poul Ottesen\Dokumenter\Musik\PunkRockVids4.0\PunkRockVids3.0\#PunkRockVids\backup;Program.mIRC.612;Renamed.;
mirc.exe;C:\mIRC;Program.mIRC.616;Renamed.;
WxBug.EXE;C:\Programmer\aim\Sysfiles;Adware.Aws;Renamed.;
hltv.exe;C:\Programmer\halflife\Half-life;Tool.ProxyHLTV;Renamed.;
strun.exe;C:\spyware\strun;Tool.StartupRun.122;Renamed.;
A0083770.dll;C:\System Volume Information\_restore{29619951-8A0D-4A84-9B20-5B4F925DF7FB}\RP344;Adware.RXToolbar;Renamed.;
A0083771.exe;C:\System Volume Information\_restore{29619951-8A0D-4A84-9B20-5B4F925DF7FB}\RP344;Adware.TryMedia;Renamed.;
A0083772.exe;C:\System Volume Information\_restore{29619951-8A0D-4A84-9B20-5B4F925DF7FB}\RP344;Win32.HLLW.MyBot;Deleted.;
A0083805.exe\data002;C:\System Volume Information\_restore{29619951-8A0D-4A84-9B20-5B4F925DF7FB}\RP344\A0083805.exe;Adware.Casino;;
A0083805.exe\data003;C:\System Volume Information\_restore{29619951-8A0D-4A84-9B20-5B4F925DF7FB}\RP344\A0083805.exe;Adware.Casino;;
A0083805.exe;C:\System Volume Information\_restore{29619951-8A0D-4A84-9B20-5B4F925DF7FB}\RP344;Archive contains infected objects;Moved.;
A0083806.exe;C:\System Volume Information\_restore{29619951-8A0D-4A84-9B20-5B4F925DF7FB}\RP344;Trojan.DownLoader.2667;Incurable.Moved.;
A0083807.exe;C:\System Volume Information\_restore{29619951-8A0D-4A84-9B20-5B4F925DF7FB}\RP344;Program.mIRC.616;Renamed.;
A0083808.EXE;C:\System Volume Information\_restore{29619951-8A0D-4A84-9B20-5B4F925DF7FB}\RP344;Adware.Aws;Renamed.;
A0083809.exe;C:\System Volume Information\_restore{29619951-8A0D-4A84-9B20-5B4F925DF7FB}\RP344;Tool.ProxyHLTV;Renamed.;


Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 20:50:49, on 01-05-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\antispyware\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\avast\aswUpdSv.exe
C:\avast\ashServ.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\avast\ashMaiSv.exe
C:\Programmer\Panicware\Pop-Up Stopper\dpps2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Programmer\HP\HP Software Update\HPWuSchd.exe
C:\Programmer\Java\jre1.5.0_05\bin\jusched.exe
C:\avast\ashDisp.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Messenger\msmsgs.exe
C:\PROGRA~1\aim\aim.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\avast\ashWebSv.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\HP\Digital Imaging\bin\hpohmr08.exe
C:\Programmer\HP\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\antispyware\SpywareGuard\sgmain.exe
C:\Programmer\HP\Digital Imaging\bin\hpoevm08.exe
C:\Programmer\antispyware\SpywareGuard\sgbhp.exe
C:\Programmer\HP\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmer\Microsoft Works\WksWP.exe
C:\Programmer\Microsoft Works\MSWorks.exe
C:\Programmer\Microsoft Works\wkgdcach.exe
C:\Programmer\hijack\hijackthis.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\antispyware\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\ANTISP~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Programmer\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\ANTISP~1\smc.exe -startgui
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Programmer\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\avast\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Programmer\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\antispyware\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinDVD 4.lnk = C:\Programmer\InterVideo\WinDVD4\WinDVD.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\aim\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095758907263
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\avast\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\antispyware\smc.exe
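The report list in post #16 is a semicolon-separated table (object; location; detection; action) in which archive members carry a blank action and their container carries the real one. The following added example (not part of the thread and not Dr.Web's own tooling) parses that layout, resolves member actions through the container, and lists which detections sit inside System Restore points; the sample rows and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the layout of the report above:
# object;location;detection;action;
SAMPLE = r"""
Setup.exe\data002;C:\Documents and Settings\demo\Setup.exe;Adware.Example;;
Setup.exe;C:\Documents and Settings\demo;Archive contains infected objects;Moved.;
tool.exe;C:\tools;Tool.Example;Renamed.;
A0000001.exe;C:\System Volume Information\_restore{GUID}\RP1;Adware.Example;Renamed.;
A0000002.exe;C:\System Volume Information\_restore{GUID}\RP1;Trojan.Example;Incurable.Moved.;
orphan.dll;C:\temp;Adware.Example;;
"""


def parse_report(text):
    """Split each non-empty line into object, location, detection, action."""
    records = []
    for line in text.splitlines():
        fields = line.strip().split(";")
        if len(fields) < 4:
            continue  # blank or malformed line
        obj, path, detection, action = fields[:4]
        records.append({"object": obj, "path": path,
                        "detection": detection, "action": action.strip()})
    return records


def resolve_actions(records):
    """Archive members with a blank action inherit their container's action."""
    # A member's location is the container's location + "\" + container name.
    containers = {f"{r['path']}\\{r['object']}".lower(): r["action"]
                  for r in records if r["action"]}
    for r in records:
        r["effective"] = r["action"] or containers.get(r["path"].lower(), "")
    return records


def summarize(text):
    """Count effective actions and list unhandled and restore-point items."""
    records = resolve_actions(parse_report(text))
    return {
        "by_action": Counter(r["effective"] or "NONE" for r in records),
        "unhandled": [r["object"] for r in records if not r["effective"]],
        "restore_points": [r["object"] for r in records
                           if "\\_restore{" in r["path"].lower()],
    }
```

Anything left in `unhandled` had no action recorded for itself or for its container, so it is the first thing to re-check after the scan.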
fromsej (Intern)
1 May 2006 - 20:55 #17
Then your log is clean; we don't need to see any more.
You should disable System Restore, restart and re-enable it, and set the file view back to normal.
http://spywarefri.dk/virusscannere.htm#alle - System Restore.
Open a folder, click Tools >Folder Options >View.
Tick "Hide protected operating system files".
Tick "Hide extensions for known file types".
Select "Do not show hidden files and folders".

To keep it clean you can look at our package for that purpose.
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm
As a minimum I recommend Spywareguard, Spywareblaster, IE-Spyad and IE Privacy Keeper.
You can find a couple of articles on safe surfing here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://fromsej.dk/html/avoid.html
Regards:
Fromsej/Team Spywarefri.
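The check behind "the log is clean" in this thread is a comparison: the entries flagged in post #12 must be absent from the fresh log, and anything that appeared since the previous log deserves a look. The following added example (not part of the thread, and not a HijackThis feature) does that comparison for any numbered HijackThis section; `FLAGGED` and `AFTER` are excerpts of lines shown in the thread, `BEFORE` is a constructed stand-in for the earlier log, and the function names are hypothetical.

```python
import re

# Lines such as "O4 - ..." or "R0 - ...": section id, " - ", then the entry.
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

FLAGGED = r"""
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnappm.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard10.exe
"""
# Constructed stand-in for the log taken before the fix.
BEFORE = FLAGGED + r"""
O4 - HKLM\..\Run: [avast!] C:\avast\ashDisp.exe
"""
AFTER = r"""
O4 - HKLM\..\Run: [avast!] C:\avast\ashDisp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
"""


def entries(log_text):
    """Return {(section, body)} with case and whitespace normalized."""
    found = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # skips the header and the running-process paths
            body = " ".join(m["body"].split()).lower()
            found.add((m["section"], body))
    return found


def verify_fix(flagged_text, before_text, after_text):
    """Compare the flagged entries and the earlier log against the fresh log."""
    flagged, before, after = map(entries,
                                 (flagged_text, before_text, after_text))
    return {
        "still_present": sorted(flagged & after),     # fix did not hold
        "removed": sorted(flagged - after),           # fix confirmed
        "new_since_before": sorted(after - before),   # review these
    }
```

An entry in `new_since_before` is not a finding by itself; here it is the anti-spyware tool installed during the cleanup.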