m1nd Beginner
17 May 2006 - 14:41 There are 6 comments and 1 solution

Lots of viruses and spyware, help

Logfile of HijackThis v1.99.1
Scan saved at 14:36:29, on 17-05-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\outlook\outlook.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Messenger\xpmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nick\Desktop\hijackthis(2).exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] c:\\keyboard20.exe
O4 - HKLM\..\Run: [newname] c:\\newname20.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

SUPERAntiSpyware Scan Log
Generated 05/17/2006 at 02:30 PM

Core Rules Database Version : 2936
Trace Rules Database Version: 1053

Memory threats detected  : 3
Registry threats detected : 92
File threats detected    : 48

Adware.NicTech Networks
    C:\WINDOWS\SYSTEM32\O8RO0I93E8.DLL
    C:\WINDOWS\SYSTEM32\O8RO0I93E8.DLL
    C:\WINDOWS\system32\guard.tmp
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\IPConfTSP
    C:\System Volume Information\_restore{659AF2DD-3650-4EDC-B22D-06F3897B884E}\RP21\A0005707.dll
    C:\System Volume Information\_restore{659AF2DD-3650-4EDC-B22D-06F3897B884E}\RP21\A0005708.dll
    C:\WINDOWS\system32\guard.#mp
    C:\WINDOWS\system32\mvlql9351.#ll
    C:\WINDOWS\system32\mvpml9711.#ll

Trojan.Defender1
    C:\DEFENDER20.EXE
    C:\DEFENDER20.EXE
    [defender] C:\\defender20.exe
    C:\\defender20.exe

Trojan.WinAntiSpyware/WinAntiVirus 2006

Adware.Tracking Cookie
    C:\Documents and Settings\Nick\Cookies\nick@cgi-bin[1].txt
    C:\Documents and Settings\Nick\Cookies\nick@adtech[1].txt
    C:\Documents and Settings\Nick\Cookies\nick@atdmt[2].txt
    C:\Documents and Settings\Nick\Local Settings\Temp\Cookies\nick@adtech[1].txt
    C:\Documents and Settings\Nick\Local Settings\Temp\Cookies\nick@atdmt[2].txt
    C:\Documents and Settings\Nick\Local Settings\Temp\Cookies\nick@msnportal.112.2o7[1].txt
    C:\Documents and Settings\Nick\Local Settings\Temp\Cookies\nick@track.adform[2].txt
    C:\Documents and Settings\Nick\Local Settings\Temp\Cookies\nick@www.popupsandbanners[1].txt
    C:\Documents and Settings\Nick\Local Settings\Temp\Cookies\nick@www.winantivirus[1].txt

Trojan.NetMon/DNSChange

Trojan.cmdService

Adware.Director
    HKU\S-1-5-21-1229272821-1580818891-725345543-1004\Software\Director

Browser Hijacker.Internet Explorer Settings Hijack
    HKU\S-1-5-21-1229272821-1580818891-725345543-1004\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main#Default_Search_URL [ http://searchbar.findthewebsiteyouneed.com ]

Adware.ClickSpring/Yazzle
    HKLM\Software\Snowball Wars
    C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\TUG7JHZX\Trelew[1].exe
    C:\System Volume Information\_restore{659AF2DD-3650-4EDC-B22D-06F3897B884E}\RP19\A0003184.exe

Adware.ClickSpring
    C:\Documents and Settings\Nick\Local Settings\Temp\!update.exe
    C:\System Volume Information\_restore{659AF2DD-3650-4EDC-B22D-06F3897B884E}\RP19\A0003256.exe
    C:\System Volume Information\_restore{659AF2DD-3650-4EDC-B22D-06F3897B884E}\RP19\A0003257.exe
    C:\System Volume Information\_restore{659AF2DD-3650-4EDC-B22D-06F3897B884E}\RP19\A0003324.dll
    C:\System Volume Information\_restore{659AF2DD-3650-4EDC-B22D-06F3897B884E}\RP19\A0003325.exe

Adware.webHancer
    C:\System Volume Information\_restore{659AF2DD-3650-4EDC-B22D-06F3897B884E}\RP19\A0003237.exe
    C:\System Volume Information\_restore{659AF2DD-3650-4EDC-B22D-06F3897B884E}\RP19\A0003238.dll
    C:\System Volume Information\_restore{659AF2DD-3650-4EDC-B22D-06F3897B884E}\RP19\A0003239.dll
    C:\System Volume Information\_restore{659AF2DD-3650-4EDC-B22D-06F3897B884E}\RP19\A0003240.exe

Trojan.Unknown Origin
    C:\System Volume Information\_restore{659AF2DD-3650-4EDC-B22D-06F3897B884E}\RP19\A0003274.exe
    C:\WINDOWS\Tmljaw\nA53uT.vbs
    C:\WINDOWS\uninstall_nmon.vbs

Worm.Alcra Variant
    C:\WINDOWS\system32\cmd.com
    C:\WINDOWS\system32\netstat.com
    C:\WINDOWS\system32\ping.com
    C:\WINDOWS\system32\regedit.com
    C:\WINDOWS\system32\taskkill.com
    C:\WINDOWS\system32\tasklist.com
    C:\WINDOWS\system32\tracert.com

Adware.ClickSpring/PuritySCAN
    C:\WINDOWS\system32\wnstssv.exe


Scan statistics

Objects scanned: 233
Infected objects found: 1
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 1
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 2579 Kb/s
Scan time: 00:00:28

m1nd Beginner
17 May 2006 - 14:52 #1
Hi, it would be really great if someone would look through it and help me.

Thanks in advance

Nick

ejvindh Expert
17 May 2006 - 16:51 #2
-- Download Ewido from here (14-day version of the plus version)
http://www.spywarefri.dk/downloads1/ewido-setup.exe
Install and update the program. Do not scan yet.

-- Download Brute Force Uninstaller, and unpack it to its own folder (c:\BFU):
http://www.merijn.org/files/bfu.zip

-- Right-click the following link and choose "Save as" to download Alcan Remover. Save it in the same folder where you saved Brute Force Uninstaller (c:\BFU):
http://metallica.geekstogo.com/alcanshorty.bfu

-- Restart in safe mode; if you don't know how, look here:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Click "My Computer" and navigate to the c:\BFU folder. Double-click BFU.exe. This opens "The Brute Force Uninstaller". To the right of the top input field, click the yellow folder icon ("Open script file"), and navigate to alcanshorty.bfu, which you downloaded earlier:
c:\bfu\alcanshorty.bfu

Then click "execute" and let the program do its work. When the script is finished, click OK, and then EXIT.

-- Run a full scan with Ewido, and allow the program to fix the things it finds. The program produces a small log, which you should copy in here.

-- Restart and post a fresh HijackThis log here, together with the log from Ewido.

m1nd Beginner
17 May 2006 - 17:30 #3
Logfile of HijackThis v1.99.1
Scan saved at 17:27:55, on 17-05-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Nick\Desktop\hijackthis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on:            17:24:25, 17-05-2006
+ Report-Checksum:        C9ABFD1E

+ Scan result:

    :mozilla.6:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\nnrruw40.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.8:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\nnrruw40.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.10:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\nnrruw40.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.18:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\nnrruw40.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.19:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\nnrruw40.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.23:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\nnrruw40.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\nnrruw40.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\nnrruw40.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\nnrruw40.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\nnrruw40.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\nnrruw40.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.37:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\nnrruw40.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\Nick\Cookies\nick@adtech[1].txt -> TrackingCookie.Adtech : Cleaned with backup
    C:\Documents and Settings\Nick\Cookies\nick@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Nick\Cookies\nick@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Nick\Cookies\nick@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Nick\DoctorWeb\Quarantine\A0003208.exe -> Trojan.Scapur.k : Cleaned with backup
    C:\Documents and Settings\Nick\DoctorWeb\Quarantine\A0003327.exe -> Trojan.Scapur.k : Cleaned with backup


::Report End

Thank you so much for the help, it's nice that there is someone who will help :)

m1nd Beginner
17 May 2006 - 18:24 #4
But I would of course like help finishing up :)

fromsej Trainee
17 May 2006 - 19:20 #5
You are done (almost).

Your log is clean now; we don't need to see any more.
You should just deactivate System Restore, restart, and reactivate it.
http://spywarefri.dk/virusscannere.htm#alle - System Restore.

To keep it clean, you can take a look at our package for that purpose.
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm
As a minimum I recommend Spywareguard, Spywareblaster, IE-Spyad and IE Privacy Keeper.
You can find a couple of articles on safe surfing here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://fromsej.dk/html/avoid.html
Regards:
Fromsej/Team Spywarefri.

ejvindh Expert
17 May 2006 - 19:28 #6
There was just a family that needed looking after :-)

Thank you for the points -- and for the assistance from Fromsej with the closing remarks. I am (of course, one is tempted to say) in complete agreement with the comment. :-)

m1nd Beginner
17 May 2006 - 19:38 #7
Thank you again very much for the really good help :)