balou (Beginner)
27 June 2006 - 15:46 There are 10 comments and 1 solution

Problems with ErrorSafe.

I am having problems with popup windows asking me to install ErrorSafe. I keep closing them, but that always results in the pages I am reading closing down.
I have run Dr.Web. The log file looks like this:

Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 152200
Infected objects found: 7
Objects with modifications found: 1
Suspicious objects found: 0
Adware programs found: 3
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 7
Objects renamed: 3
Objects moved: 1
Objects ignored: 0
Scan speed: 249 Kb/s
Scan time: 02:13:52
-----------------------------------------------------------------------------

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 152393
Infected objects found: 7
Objects with modifications found: 1
Suspicious objects found: 0
Adware programs found: 3
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 7
Objects renamed: 3
Objects moved: 1
Objects ignored: 0
Scan speed: 254 Kb/s
Scan time: 02:14:14
=============================================================================

After that I ran SUPERAntiSpyware. The log file looks like this:

SUPERAntiSpyware Scan Log
Generated 06/27/2006 at 02:00 PM

Core Rules Database Version : 2993
Trace Rules Database Version: 1078

Memory threats detected  : 0
Registry threats detected : 6
File threats detected    : 103

Adware.Tracking Cookie

Adware.IST/ISTBar (Slotch Bar)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll#.Owner
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll#{018B7EC3-EECA-11D3-8E71-0000E82C6C0D}

Adware.Avenue Media/Internet Optimizer
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\AMeOpt

Trojan.NewDotNet
    HKU\.DEFAULT\Software\New.net
    HKU\S-1-5-18\Software\New.net

And finally I ran HijackThis. The log file follows:

Logfile of HijackThis v1.99.1
Scan saved at 15:10:56, on 27-06-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\SOINTGR.EXE
C:\Programmer\Norton Personal Firewall\IAMAPP.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\CursorXP\CursorXP.exe
C:\Programmer\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Norton Personal Firewall\SymProxySvc.exe
C:\Programmer\Norton Personal Firewall\NISSERV.EXE
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Norton Personal Firewall\ATRACK.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Carina\Dokumenter\Spyware værktøjer\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.jubii.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [iamapp] C:\Programmer\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [CursorXP] C:\Programmer\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programmer\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ZumaSetup.exe] C:\DOWNLO~1\ZUMASE~1.EXE /r
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version6/dlhelper.cab
O16 - DPF: {EDAF796E-9210-4417-ADDC-2AB18E4F6C27} (Hjemmeside.KvikFoto) - http://www.123hjemmeside.dk/builder/pages/KvikFoto.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Service (NISSERV) - Symantec Corporation - C:\Programmer\Norton Personal Firewall\NISSERV.EXE
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Programmer\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmer\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: Norton Personal Firewall Proxy Service (SymProxySvc) - Symantec Corporation - C:\Programmer\Norton Personal Firewall\SymProxySvc.exe

Would anyone be willing to look through it for me?
By the way, I followed a description/guide that I recently read on here.
27 June 2006 - 16:28 #1
Do you know yourself what this is:
O4 - HKCU\..\Run: [ZumaSetup.exe] C:\DOWNLO~1\ZUMASE~1.EXE /r

(Others are welcome to carry on...)
balou (Beginner)
27 June 2006 - 16:52 #2
No, I have no idea!!!
27 June 2006 - 16:58 #3
... look in [Control Panel][Add/Remove Programs] - if it is there, remove it from there...

If not, then "fix" it in the HijackThis program.
Manually find
C:\DOWNLO~1\ZUMASE~1.EXE
and DELETE IT COMPLETELY

Restart and post a new log..
balou (Beginner)
27 June 2006 - 17:24 #4
Have deleted it in HijackThis. New log:


Logfile of HijackThis v1.99.1
Scan saved at 17:28:53, on 27-06-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\SOINTGR.EXE
C:\Programmer\Norton Personal Firewall\IAMAPP.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Programmer\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\CursorXP\CursorXP.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Norton Personal Firewall\SymProxySvc.exe
C:\Programmer\Norton Personal Firewall\NISSERV.EXE
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Norton Personal Firewall\ATRACK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Carina\Dokumenter\Spyware værktøjer\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.jubii.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [iamapp] C:\Programmer\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [CursorXP] C:\Programmer\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programmer\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version6/dlhelper.cab
O16 - DPF: {EDAF796E-9210-4417-ADDC-2AB18E4F6C27} (Hjemmeside.KvikFoto) - http://www.123hjemmeside.dk/builder/pages/KvikFoto.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Service (NISSERV) - Symantec Corporation - C:\Programmer\Norton Personal Firewall\NISSERV.EXE
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Programmer\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmer\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: Norton Personal Firewall Proxy Service (SymProxySvc) - Symantec Corporation - C:\Programmer\Norton Personal Firewall\SymProxySvc.exe
27 June 2006 - 20:19 #5
... is it working better now?
forevernewbie (Beginner)
27 June 2006 - 23:54 #6
Zumasetup.exe is a game. Probably not entirely above board. My security settings won't let me download it, at any rate http://aff134.games.is/product/product=97
forevernewbie (Beginner)
27 June 2006 - 23:59 #7
Btw, I happened to take a look at the log. These two need to be fixed:

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c18.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version6/dlhelper.cab
balou (Beginner)
28 June 2006 - 06:06 #8
Now they are fixed, how does it look now??


Logfile of HijackThis v1.99.1
Scan saved at 06:11:16, on 28-06-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton Personal Firewall\NISUM.EXE
C:\Programmer\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Norton Personal Firewall\SymProxySvc.exe
C:\Programmer\Norton Personal Firewall\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOINTGR.EXE
C:\Programmer\Norton Personal Firewall\IAMAPP.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\CursorXP\CursorXP.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Norton Personal Firewall\ATRACK.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Carina\Dokumenter\Spyware værktøjer\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.jubii.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [iamapp] C:\Programmer\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [CursorXP] C:\Programmer\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programmer\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {EDAF796E-9210-4417-ADDC-2AB18E4F6C27} (Hjemmeside.KvikFoto) - http://www.123hjemmeside.dk/builder/pages/KvikFoto.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Service (NISSERV) - Symantec Corporation - C:\Programmer\Norton Personal Firewall\NISSERV.EXE
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Programmer\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmer\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: Norton Personal Firewall Proxy Service (SymProxySvc) - Symantec Corporation - C:\Programmer\Norton Personal Firewall\SymProxySvc.exe
forevernewbie (Beginner)
28 June 2006 - 12:48 #9
Then your log is clean.


After a virus/spyware attack it is always a good idea to clean up the System Restore files. Disable System Restore (http://www.spywarefri.dk/virusscannere.htm#alle) - restart your computer - enable System Restore.

Download ATF Cleaner from here: http://www.atribune.org/content/view/19/2/

Start ATF Cleaner. Tick "Select all". Click "Empty selected". (If you should still have a few problems with Errorsafe, cleaning the temp files may solve it)

Link for securing your computer: http://www.spywarefri.dk/manualer/sikkerhedspakke.htm
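
The fix-and-rescan loop in this thread comes down to comparing successive HijackThis logs. The following is an added example, not part of the original thread: it diffs two logs by entry and lists the download hosts of removed O16 (ActiveX) entries. The function names are hypothetical, and the two sample logs are shortened excerpts of the first and last logs posted above.

```python
import re
from urllib.parse import urlparse

# HijackThis entries start with a section code (R0, O4, O16, O23, ...) and " - ".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

def parse_entries(log_text):
    """Return the set of (code, body) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group("code"), m.group("body")))
    return entries

def _sort_key(entry):
    code, body = entry
    return (code[0], int(code[1:]), body)  # O4 sorts before O16

def diff_logs(before, after):
    """Return (removed, added) entry lists between two logs."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a, key=_sort_key), sorted(a - b, key=_sort_key)

def dpf_hosts(entries):
    """For O16 (Downloaded Program Files) entries, return the download host."""
    hosts = []
    for code, body in entries:
        if code == "O16":
            url = body.rsplit(" - ", 1)[-1]
            hosts.append(urlparse(url).hostname)
    return hosts

# Shortened excerpt of the first log in the thread (27-06-2006 15:10:56).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ZumaSetup.exe] C:\DOWNLO~1\ZUMASE~1.EXE /r
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c18.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version6/dlhelper.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Shortened excerpt of the last log in the thread (28-06-2006 06:11:16).
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, body in removed:
        print("removed:", code, "-", body)
    for code, body in added:
        print("added:  ", code, "-", body)
    print("removed ActiveX download hosts:", dpf_hosts(removed))
```

An added entry is worth the same scrutiny as a removed one: here the only new line is the Winlogon Notify hook under the SUPERAntiSpyware program folder.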
balou (Beginner)
28 June 2006 - 13:21 #10
Oki. Thank you very much for the help ;-))
forevernewbie (Beginner)
28 June 2006 - 13:28 #11
Thanks for the points