CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede m1nd Nybegynder
17. maj 2006 - 14:41 Der er 6 kommentarer og
1 løsning

Masser af virus og spyware Hjælp

ogfile of HijackThis v1.99.1
Scan saved at 14:36:29, on 17-05-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\outlook\outlook.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Messenger\xpmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nick\Desktop\hijackthis(2).exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] c:\\keyboard20.exe
O4 - HKLM\..\Run: [newname] c:\\newname20.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

UPERAntiSpyware Scan Log
Generated 05/17/2006 at 02:30 PM

Core Rules Database Version : 2936
Trace Rules Database Version: 1053

Memory threats detected  : 3
Registry threats detected : 92
File threats detected    : 48

Adware.NicTech Networks
    C:\WINDOWS\SYSTEM32\O8RO0I93E8.DLL
    C:\WINDOWS\SYSTEM32\O8RO0I93E8.DLL
    C:\WINDOWS\system32\guard.tmp
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\IPConfTSP
    C:\System Volume Information\_restore{659AF2DD-3650-4EDC-B22D-06F3897B884E}\RP21\A0005707.dll
    C:\System Volume Information\_restore{659AF2DD-3650-4EDC-B22D-06F3897B884E}\RP21\A0005708.dll
    C:\WINDOWS\system32\guard.#mp
    C:\WINDOWS\system32\mvlql9351.#ll
    C:\WINDOWS\system32\mvpml9711.#ll

Trojan.Defender1
    C:\DEFENDER20.EXE
    C:\DEFENDER20.EXE
    [defender] C:\\defender20.exe
    C:\\defender20.exe

Trojan.WinAntiSpyware/WinAntiVirus 2006
    HKLM\Software\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}
    HKCR\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}
    HKCR\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}
    HKCR\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}#AppID
    HKCR\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}\InprocServer32
    HKCR\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}\InprocServer32#ThreadingModel
    HKCR\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}\ProgID
    HKCR\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}\Programmable
    HKCR\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}\TypeLib
    HKCR\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}\VersionIndependentProgID
    C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll
    HKCR\WAP6.PCheck
    HKCR\WAP6.PCheck\CLSID
    HKCR\WAP6.PCheck\CurVer
    HKCR\WAP6.PCheck.1
    HKCR\WAP6.PCheck.1\CLSID
    HKCR\WinPGIntegrator.IEIntegrator
    HKCR\WinPGIntegrator.IEIntegrator\CLSID
    HKCR\WinPGIntegrator.IEIntegrator\CurVer
    HKCR\WinPGIntegrator.IEIntegrator.1
    HKCR\WinPGIntegrator.IEIntegrator.1\CLSID
    HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}
    HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\Implemented Categories
    HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
    HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
    HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\InprocServer32
    HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\InprocServer32#ThreadingModel
    HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\ProgID
    HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\Programmable
    HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\VersionIndependentProgID
    HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}
    HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0
    HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\0
    HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\0\win32
    HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\FLAGS
    HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\HELPDIR
    HKCR\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}
    HKCR\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}\1.0
    HKCR\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}\1.0\0
    HKCR\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}\1.0\0\win32
    HKCR\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}\1.0\FLAGS
    HKCR\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}\1.0\HELPDIR
    HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}
    HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}\ProxyStubClsid
    HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}\ProxyStubClsid32
    HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}\TypeLib
    HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}\TypeLib#Version
    HKCR\AppId\WinPGI.DLL
    HKCR\AppId\WinPGI.DLL#AppID
    HKCR\AppId\{367A86A5-D048-4785-86BE-4E2706AAFDD9}
    HKU\S-1-5-21-1229272821-1580818891-725345543-1004\Software\WinAntiVirus Pro 2006
    C:\WINDOWS\system32\stera.job
    C:\Program Files\Common Files\WinAntiVirus Pro 2006\WapCHK.dll
    C:\Program Files\Common Files\WinAntiVirus Pro 2006
    C:\Documents and Settings\Nick\Application Data\WinAntiVirus Pro 2006\Logs
    C:\Documents and Settings\Nick\Application Data\WinAntiVirus Pro 2006\PGE.dat
    C:\Documents and Settings\Nick\Application Data\WinAntiVirus Pro 2006
    C:\System Volume Information\_restore{659AF2DD-3650-4EDC-B22D-06F3897B884E}\RP19\A0003359.exe
    C:\System Volume Information\_restore{659AF2DD-3650-4EDC-B22D-06F3897B884E}\RP19\A0003361.exe

Adware.Tracking Cookie
    C:\Documents and Settings\Nick\Cookies\nick@cgi-bin[1].txt
    C:\Documents and Settings\Nick\Cookies\nick@adtech[1].txt
    C:\Documents and Settings\Nick\Cookies\nick@atdmt[2].txt
    C:\Documents and Settings\Nick\Local Settings\Temp\Cookies\nick@adtech[1].txt
    C:\Documents and Settings\Nick\Local Settings\Temp\Cookies\nick@atdmt[2].txt
    C:\Documents and Settings\Nick\Local Settings\Temp\Cookies\nick@msnportal.112.2o7[1].txt
    C:\Documents and Settings\Nick\Local Settings\Temp\Cookies\nick@track.adform[2].txt
    C:\Documents and Settings\Nick\Local Settings\Temp\Cookies\nick@www.popupsandbanners[1].txt
    C:\Documents and Settings\Nick\Local Settings\Temp\Cookies\nick@www.winantivirus[1].txt

Trojan.NetMon/DNSChange
    HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor
    HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#Type
    HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#Start
    HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#ErrorControl
    HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#ImagePath
    HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#DisplayName
    HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#ObjectName
    HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Security
    HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Security#Security
    HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum
    HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum#0
    HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum#Count
    HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum#NextInstance
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR#NextInstance
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Service
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Legacy
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ConfigFlags
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Class
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ClassGUID
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#DeviceDesc

Trojan.cmdService
    HKLM\SYSTEM\CurrentControlSet\Services\cmdService
    HKLM\SYSTEM\CurrentControlSet\Services\cmdService#Type
    HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum
    HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#0
    HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#Count
    HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#NextInstance
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE#NextInstance
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Service
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Legacy
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ConfigFlags
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Class
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ClassGUID
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#DeviceDesc

Adware.Director
    HKU\S-1-5-21-1229272821-1580818891-725345543-1004\Software\Director

Browser Hijacker.Internet Explorer Settings Hijack
    HKU\S-1-5-21-1229272821-1580818891-725345543-1004\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main#Default_Search_URL [ http://searchbar.findthewebsiteyouneed.com ]

Adware.ClickSpring/Yazzle
    HKLM\Software\Snowball Wars
    C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\TUG7JHZX\Trelew[1].exe
    C:\System Volume Information\_restore{659AF2DD-3650-4EDC-B22D-06F3897B884E}\RP19\A0003184.exe

Adware.ClickSpring
    C:\Documents and Settings\Nick\Local Settings\Temp\!update.exe
    C:\System Volume Information\_restore{659AF2DD-3650-4EDC-B22D-06F3897B884E}\RP19\A0003256.exe
    C:\System Volume Information\_restore{659AF2DD-3650-4EDC-B22D-06F3897B884E}\RP19\A0003257.exe
    C:\System Volume Information\_restore{659AF2DD-3650-4EDC-B22D-06F3897B884E}\RP19\A0003324.dll
    C:\System Volume Information\_restore{659AF2DD-3650-4EDC-B22D-06F3897B884E}\RP19\A0003325.exe

Adware.webHancer
    C:\System Volume Information\_restore{659AF2DD-3650-4EDC-B22D-06F3897B884E}\RP19\A0003237.exe
    C:\System Volume Information\_restore{659AF2DD-3650-4EDC-B22D-06F3897B884E}\RP19\A0003238.dll
    C:\System Volume Information\_restore{659AF2DD-3650-4EDC-B22D-06F3897B884E}\RP19\A0003239.dll
    C:\System Volume Information\_restore{659AF2DD-3650-4EDC-B22D-06F3897B884E}\RP19\A0003240.exe

Trojan.Unknown Origin
    C:\System Volume Information\_restore{659AF2DD-3650-4EDC-B22D-06F3897B884E}\RP19\A0003274.exe
    C:\WINDOWS\Tmljaw\nA53uT.vbs
    C:\WINDOWS\uninstall_nmon.vbs

Worm.Alcra Variant
    C:\WINDOWS\system32\cmd.com
    C:\WINDOWS\system32\netstat.com
    C:\WINDOWS\system32\ping.com
    C:\WINDOWS\system32\regedit.com
    C:\WINDOWS\system32\taskkill.com
    C:\WINDOWS\system32\tasklist.com
    C:\WINDOWS\system32\tracert.com

Adware.ClickSpring/PuritySCAN
    C:\WINDOWS\system32\wnstssv.exe


Scan statistics

Objects scanned: 233
Infected objects found: 1
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 1
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 2579 Kb/s
Scan time: 00:00:28
Avatar billede m1nd Nybegynder
17. maj 2006 - 14:52 #1
Hej det ville være super godt hvis der var nogen der gad kiggede den igennem og hjælpe mig

På forhånd tak

Nick
Avatar billede ejvindh Ekspert
17. maj 2006 - 16:51 #2
-- Hent Ewido herfra (14 dages version af plus-versionen)
http://www.spywarefri.dk/downloads1/ewido-setup.exe
Installer og opdater programmet. Vent med at scanne.

-- Hent Brute Force Uninstaller, og pak det ud til sin egen mappe (c:\BFU):
http://www.merijn.org/files/bfu.zip

-- Højreklik på følgende link, og vælg "Gem som" for at downloade Alcan Remover. Gem det i samme mappe som du gemte Brute Force Uninstaller i (c:\BFU):
http://metallica.geekstogo.com/alcanshorty.bfu

-- Genstart i fejlsikret, hvis du ikke ved hvordan så kig her:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Klik på "Min computer", og naviger frem til c:\BFU mappen. Dobbeltklik på BFU.exe. Så åbnes "The Brute Force Uninstaller". Til højre for det øverste indtastningsfelt, skal du nu klikke på det gule mappe-ikon ("Open script file"), og navigere frem til alcanshorty.bfu, som du hentede tidligere:
c:\bfu\alcanshorty.bfu

Klik herefter på "execute", og lad programmet gøre sit arbejde. Når scriptet er færdig, klikker du på OK, og derefter på EXIT.

-- Kør en fuld scanning med Ewido, og tillad programmet at fixe de ting, som det finder. Programmet laver en lille log, som du skal kopiere herind.

-- Genstart og læg en frisk Hijackthislog herind, sammen med loggen fra Ewido.
Avatar billede m1nd Nybegynder
17. maj 2006 - 17:30 #3
Logfile of HijackThis v1.99.1
Scan saved at 17:27:55, on 17-05-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Nick\Desktop\hijackthis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on:            17:24:25, 17-05-2006
+ Report-Checksum:        C9ABFD1E

+ Scan result:

    :mozilla.6:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\nnrruw40.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.8:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\nnrruw40.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.10:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\nnrruw40.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.18:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\nnrruw40.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.19:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\nnrruw40.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.23:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\nnrruw40.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\nnrruw40.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\nnrruw40.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\nnrruw40.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\nnrruw40.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\nnrruw40.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.37:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\nnrruw40.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\Nick\Cookies\nick@adtech[1].txt -> TrackingCookie.Adtech : Cleaned with backup
    C:\Documents and Settings\Nick\Cookies\nick@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Nick\Cookies\nick@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Nick\Cookies\nick@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Nick\DoctorWeb\Quarantine\A0003208.exe -> Trojan.Scapur.k : Cleaned with backup
    C:\Documents and Settings\Nick\DoctorWeb\Quarantine\A0003327.exe -> Trojan.Scapur.k : Cleaned with backup


::Report End

Tusind tak for hjælpen det er rart der nogen der vil hjælpe :)
Avatar billede m1nd Nybegynder
17. maj 2006 - 18:24 #4
Men vil self gerne hjælpes færdig :)
Avatar billede fromsej Praktikant
17. maj 2006 - 19:20 #5
Du er færdig (næsten).

Så er din log ren, vi behøver ikke se flere.
Du bør lige deaktivere systemgendannelse, genstarte og genaktivere den.
http://spywarefri.dk/virusscannere.htm#alle - Systemgendannelse.

For at holde den ren kan du kigge på vores pakke til formålet.
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm
Som minimum anbefaler jeg Spywareguard, Spywareblaster, IE-Spyad og IE Privacy Keeper.
Et par artikler om sikker surfing finder du her:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://fromsej.dk/html/avoid.html
Mvh:
Fromsej/Team Spywarefri.
Avatar billede ejvindh Ekspert
17. maj 2006 - 19:28 #6
Der var lige en familie der skulle passes :-)

Jeg takker for point -- og for assistance fra Fromsej med de afsluttende bemærkninger. Jeg er (selvfølgelig, fristes man til at sige) helt enig i kommentaren. :-)
Avatar billede m1nd Nybegynder
17. maj 2006 - 19:38 #7
Jeg takker igen mange gang for den rigtig gode hjælp :)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
pop up black friday Af Malm i Virus 10 22/11/202420:49 23/11/202410:46
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus 21 22/06/202419:22 23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus 23 07/05/202421:02 13/05/202419:48
trusler Af gerhardpet i Virus 4 26/01/202410:02 27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus 16 09/01/202416:37 10/01/202419:59
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
60 min siden WM-bus Minomess Single Jet vandmåler Brunata/Zenner Af kulawig i Andet hardware
I dag 14:23 Navn i stifinder til ny bruger: C:\Users\defaultuser100000 Af Jørgen Kirkegaard i Windows
I dag 11:44 Sti og filnavn i sidefod Af boro23 i Word
I dag 11:02 Zyxel Multy U netværk Af jcr18 i Wifi
I dag 08:52 DOWNLOAD TIL SAMME MAPPE Af snestrup2000 i Browsere
White papers
Flere white papers »


Premium
Teaser billede
Leverandør til 50 danske kommuner ramt af ransomware: "Det er ikke sjovt," siger direktør Thomas à Porta
Læs mere »
Norlys-kunder har store problemer efter sammenlægning af it-systemer: Internet, tv og telefoni crasher i lange baner
Meldes til politiet for grove GDPR-brud og elendig sikkerhed: Mere end 1.000 tidligere ansatte har haft fri adgang til centralt KMD-system
Kunderne raser, og priserne er eksploderet: Alligevel er salget af VMware en kæmpe-succes
Se alle »
Computerworld
Teaser billede
Stort Microsoft-nedbrud rammer flere kunder: Problemer med Teams og mails
Læs mere »
Test: Den snusfornuftige Volkswagen ID.3 blevet til lidt af el-bisse
Kæmpe datalæk på hospital: 750.000 patienters fortrolige data lækket
Et ”mareridt for privatlivets fred”: Kontroversiel Windows-funktion er udkommet i en test-version
Se alle »
CIO
Teaser billede
Microsoft hæver priserne på M365: Sådan kommer de nye priser til at ramme
Læs mere »
Stort Microsoft-nedbrud rammer flere kunder: Problemer med Teams og mails
Konsulenthus vil rulle Microsoft 365 Copilot ud til 200.000 ansatte
Microsoft et døgn efter nedbrud: Stadig problemer med Outlook
Se alle »
Job & Karriere
Teaser billede
Microsoft klar med ny direktion for den danske forretning: Her er de nye direktører
Læs mere »
Efter skelsættende møde med sportscoach: Stor dansk it-arbejdsplads indfører fredags-fri og isbade i arbejdstiden
Linus Torvalds giver russiske Linux-udviklere sparket: Vil ikke have noget med dem at gøre
Twoday er rykket til et af de dyreste postnumre i Danmark – og det kan betale sig, siger topchef Lars Berthelsen
Se alle »
White paper
Teaser billede
Sikkerhed uden grænser: Cisco Hypershield
Læs mere »
Sådan: Én løsning til compliance, sikkerhed og overblik
MDR: Transparent sikkerhed og overvågning i realtid
Sådan gør du: Elektronisk dokumentudveksling i praksis
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »