alex_h_jensen Beginner
01 May 2006 - 06:33 There are 7 comments and 1 solution

Spyware.. again..

Hi, now I have been infected again.. I have Norton AntiVirus and also run SpywareGuard. And both programs are up to date. In addition, I run Ewido once a week. But I have still been quite heavily infected. I am attaching a log file.

Logfile of HijackThis v1.99.1
Scan saved at 06:30:26, on 01-05-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Billionton\Bluetooth Software\bin\btwdins.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dcomcfg.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\VM_STI.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\atmclk.exe
C:\Programmer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp92AF.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [ccApp] C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /M "Stylus C86" /EF "HKCU"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O9 - Extra button: Opret Foretrukken på mobil enhed - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på mobil enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programmer\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmer\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programmer\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programmer\AutoCAD 2002\AcPreview.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Programmer\Billionton\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe

I suspect these 2:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp92AF.tmp
of being part of the problem. And I have deleted the 2 previous ones, but since they reappear there is something I am not doing right.

Best regards
Alex H Jensen
tonnybrandt Beginner
01 May 2006 - 07:17 #1
Download and install this scanner:
http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Start the program, click Check for updates, and once it is updated, close the program and restart in safe mode.

Start the program, click Scan your Computer, and tick the drives that are to be scanned.
(Fixed disk means hard disk)
Move the radio button to Perform complete scan and click Næste (Next), then the scan runs.

When it has finished, a window with a summary appears; click OK, then click Næste (Next) and then Udfør (Finish).

A window appears with Quarantine and removal Complete; click OK, then click Udfør (Finish).
Close the program and restart normally.

Start the program again, click Preferences, switch to the Statistics/Logs tab, and in the window double-click SUPERAntiSpyware Scan Log; it opens in Notepad. Copy the result in here.

We also need to see a fresh HijackThis log.
alex_h_jensen Beginner
01 May 2006 - 10:06 #2
So now it has done some work. I was not allowed to run the program in safe mode, so I ran it normally. And now I am at least allowed to set the start page myself. Here is the log:

SUPERAntiSpyware Scan Log
Generated 05/01/2006 at 09:56 AM

Core Rules Database Version : 2906
Trace Rules Database Version: 1038

Memory threats detected  : 2
Registry threats detected : 7
File threats detected    : 228

Trojan.AtmClk
    C:\WINDOWS\SYSTEM32\ATMCLK.EXE
    C:\WINDOWS\SYSTEM32\ATMCLK.EXE
    C:\Recycled\NPROTECT\00014575.exe
    C:\WINDOWS\Prefetch\ATMCLK.EXE-15A39E48.pf

Trojan.DCOMCfg
    C:\WINDOWS\SYSTEM32\DCOMCFG.EXE
    C:\WINDOWS\SYSTEM32\DCOMCFG.EXE
    C:\WINDOWS\Prefetch\DCOMCFG.EXE-1E780C99.pf

Trojan.Homepage
    HKLM\Software\Classes\CLSID\{b0398eca-0bcd-4645-8261-5e9dc70248d0}
    HKCR\CLSID\{b0398eca-0bcd-4645-8261-5e9dc70248d0}
    HKCR\CLSID\{b0398eca-0bcd-4645-8261-5e9dc70248d0}
    HKCR\CLSID\{b0398eca-0bcd-4645-8261-5e9dc70248d0}\InprocServer32
    HKCR\CLSID\{b0398eca-0bcd-4645-8261-5e9dc70248d0}\InprocServer32#ThreadingModel
    C:\WINDOWS\system32\hp5C1E.tmp
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0398eca-0bcd-4645-8261-5e9dc70248d0}
    C:\Programmer\backups\backup-20060430-223903-560.dll
    C:\Programmer\backups\backup-20060430-223949-620.dll
    C:\Programmer\backups\backup-20060430-223959-396.dll
    C:\Programmer\backups\backup-20060430-224802-327.dll
    C:\Programmer\backups\backup-20060430-232020-205.dll
    C:\Programmer\backups\backup-20060501-062459-490.dll

Adware.Tracking Cookie

Trojan.WinAntiSpyware/WinAntiVirus 2006
    HKU\S-1-5-21-1004336348-842925246-1060284298-1003\Software\WinAntiSpyware 2006 Scanner
    C:\Documents and Settings\standard\Lokale indstillinger\Temp\NI.UWAS6_0001_N73M1104\setup.exe
    C:\Documents and Settings\standard\Lokale indstillinger\Temp\WinAntiSpyware2006Setup.exe
    C:\System Volume Information\_restore{28384791-0234-4FBD-845B-24BD2CB0E71B}\RP357\A0068191.exe
    C:\System Volume Information\_restore{28384791-0234-4FBD-845B-24BD2CB0E71B}\RP357\A0068193.exe
    C:\System Volume Information\_restore{28384791-0234-4FBD-845B-24BD2CB0E71B}\RP357\A0068196.exe
    C:\System Volume Information\_restore{28384791-0234-4FBD-845B-24BD2CB0E71B}\RP357\A0068199.dll

Browser Hijacker.Favorites
    C:\Documents and Settings\All Users\Foretrukne\Download Free Spyware Remover.url
    C:\Documents and Settings\All Users\Foretrukne\NEW VIAGRA at Half Price!.url
    C:\Documents and Settings\All Users\Foretrukne\Online Chat With Nude Girls.url
    C:\Documents and Settings\All Users\Foretrukne\Order CIALIS online without leaving home..url
    C:\Documents and Settings\All Users\Foretrukne\PC protection in under 2 minutes!.url
    C:\Documents and Settings\All Users\Foretrukne\SEX Dating - Real Girls For Real SEX.url
    C:\Documents and Settings\All Users\Foretrukne\Stop PopUps On Your Computer.url
    C:\Documents and Settings\All Users\Foretrukne\VIAGRA at incredible low price. Bonus Pills!.url
    C:\Documents and Settings\All Users\Foretrukne\View ADULT photos of REAL GIRLS!.url
    C:\Documents and Settings\All Users\Foretrukne\Online Pharmacy\Cialis at HALF PRICE!.url
    C:\Documents and Settings\All Users\Foretrukne\Online Pharmacy\Tramadol Special Offer!.url
    C:\Documents and Settings\All Users\Foretrukne\Online Pharmacy\Guaranteed low price at Pills..url
    C:\Documents and Settings\All Users\Foretrukne\Online Pharmacy\Fast Way To Loose Your Weight!.url
    C:\Documents and Settings\All Users\Foretrukne\Online Pharmacy\Try New VIAGRA! Works Faster and Longer!.url
    C:\Documents and Settings\All Users\Foretrukne\Online Pharmacy\CHEAPEST VIAGRA ONLINE.url
    C:\Documents and Settings\All Users\Foretrukne\Online Pharmacy\SOMA at Special LOW PRICE.url
    C:\Documents and Settings\All Users\Foretrukne\Online Pharmacy
    C:\Documents and Settings\All Users\Foretrukne\Sex and Dating\Meet Girls Who Want To Get Laid!.url
    C:\Documents and Settings\All Users\Foretrukne\Sex and Dating\Meet Horny Girls In Your Area!.url
    C:\Documents and Settings\All Users\Foretrukne\Sex and Dating\SEX Dating - people looking for SEX.url
    C:\Documents and Settings\All Users\Foretrukne\Sex and Dating\View XXX photos of Real Sexy Girls..url
    C:\Documents and Settings\All Users\Foretrukne\Sex and Dating\Read profiles and Chat With Nude Girls!.url
    C:\Documents and Settings\All Users\Foretrukne\Sex and Dating
    C:\Documents and Settings\All Users\Foretrukne\Spyware Uninstall\Free Spyware Scanner..url
    C:\Documents and Settings\All Users\Foretrukne\Spyware Uninstall\Stop PopUps on your PC..url
    C:\Documents and Settings\All Users\Foretrukne\Spyware Uninstall\Search & Destroy Annoying Adware..url
    C:\Documents and Settings\All Users\Foretrukne\Spyware Uninstall\Easy Detect and Uninstall Spyware..url
    C:\Documents and Settings\All Users\Foretrukne\Spyware Uninstall

Trojan.Security Toolbar
    C:\WINDOWS\Foretrukne\Antivirus Test Online.url
    C:\WINDOWS\All Users\Skrivebord\Security Troubleshooting.url
    C:\WINDOWS\All Users\Skrivebord\Online Security Guide.url

Trojan.UnSpyPC Spyware Scanner
    C:\System Volume Information\_restore{28384791-0234-4FBD-845B-24BD2CB0E71B}\RP342\A0065499.exe

and HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 10:06:20, on 01-05-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Billionton\Bluetooth Software\bin\btwdins.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\VM_STI.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\WINDOWS\notepad.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [ccApp] C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /M "Stylus C86" /EF "HKCU"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O9 - Extra button: Opret Foretrukken på mobil enhed - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på mobil enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programmer\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmer\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programmer\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programmer\AutoCAD 2002\AcPreview.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Programmer\Billionton\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
tonnybrandt Beginner
01 May 2006 - 10:19 #3
That looks fine. The log is clean.

You are welcome to fix this line in HijackThis:

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

It is not junk, but the line should not be there when it is an XP machine.

How is the PC running?
Any pop-ups or anything else that cannot be seen from the log?

As for you running Ewido once a week, I would recommend that you use Super AntiSpyware instead. Right now it really is a class better than Ewido, in my opinion.
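
Added example, not part of the thread and not written by either poster: a Python sketch that parses trimmed excerpts of the two HijackThis logs posted above and reports what changed between them, plus any O2 BHO entries that look unusual. The function names and the two BHO heuristics (no display name, module that is not a .dll) are assumptions made for this example, not HijackThis rules.

```python
import re

# Trimmed excerpts of the two HijackThis logs posted in this thread
# (06:30 before the scan, 10:06 after it). Lines are copied from the thread.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 06:30:26, on 01-05-2006

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\atmclk.exe
C:\Programmer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp92AF.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:06:20, on 01-05-2006

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Section lines look like "O2 - ..." or "R0 - ...": a letter, 1-2 digits, " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O2 body: "BHO: <name> - {CLSID} - <module path>"
BHO_RE = re.compile(r"^BHO: (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")


def parse_log(text):
    """Return (running_processes, entries); entries are (section, body) tuples."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first section line ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def diff_logs(before, after):
    """Report processes and entries that disappeared or appeared between scans."""
    procs_b, entries_b = parse_log(before)
    procs_a, entries_a = parse_log(after)
    seen_b = {p.lower() for p in procs_b}  # Windows paths are case-insensitive
    seen_a = {p.lower() for p in procs_a}
    return {
        "processes_gone": [p for p in procs_b if p.lower() not in seen_a],
        "processes_new": [p for p in procs_a if p.lower() not in seen_b],
        "entries_gone": [e for e in entries_b if e not in entries_a],
        "entries_new": [e for e in entries_a if e not in entries_b],
    }


def suspicious_bhos(entries):
    """Flag O2 entries by this example's heuristics; returns (clsid, path, reasons)."""
    hits = []
    for section, body in entries:
        match = BHO_RE.match(body) if section == "O2" else None
        if not match:
            continue
        name, clsid, path = match.groups()
        reasons = []
        if name == "(no name)":
            reasons.append("no name")
        if not path.lower().endswith(".dll"):
            reasons.append("module is not a .dll")
        if reasons:
            hits.append((clsid, path, reasons))
    return hits


if __name__ == "__main__":
    for key, values in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(key, values)
    print("suspicious BHOs before:", suspicious_bhos(parse_log(LOG_BEFORE)[1]))
```

On these excerpts the diff reports dcomcfg.exe and atmclk.exe gone from the running processes and the O2 BHO entry gone, which lines up with the detections listed in the SUPERAntiSpyware log in post #2.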
alex_h_jensen Beginner
01 May 2006 - 10:28 #4
The PC is up and running normally. :-) It is an older machine, after all. :-) So I should drop Ewido and use Super AntiSpyware instead? In addition, I have the following programs left over from earlier cleanups:

About buster
CWShredder
fixwareout
xclean micro.

I don't think anything will happen if I delete them.

How do I best protect myself against recurrences? It is no more than 3 weeks since I last cleaned the machine, and it is not much fun having to do that every 3 weeks. Any ideas?
And for now, MANY thanks.

Alex
tonnybrandt Beginner
01 May 2006 - 10:36 #5
You're welcome.

The best protection is of course to move around the internet with care.

A couple of aids that can make it easier are, for example, SiteAdvisor, which is a small program that categorises websites by how "dangerous" they are. It integrates with Google and shows the "danger level" on the links in the search results.
http://www.spywarefri.dk/vaerktoj.htm#siteadvisor

An impressive little program that uses very few resources.

Another aid is an active shield. If it has to be free, there is actually only Windows Defender that offers this:
http://www.microsoft.com/athome/security/spyware/software/default.mspx

If it may cost money, my choice is Super AntiSpyware. I run the Pro version myself.
tonnybrandt Beginner
01 May 2006 - 10:37 #6
And you are of course welcome to delete the programs that you used during the last cleanup:

About buster
CWShredder
fixwareout
xclean micro.
alex_h_jensen Beginner
01 May 2006 - 10:45 #7
Thank you very much for the help, and I am closing the thread.


Regards
Alex H. Jensen
tonnybrandt Beginner
01 May 2006 - 10:50 #8
You're welcome, and thanks for the points :)