Avatar billede jonas_a Nybegynder
04. juli 2006 - 01:15 Der er 19 kommentarer og
1 løsning

Norton Internet Security 2006 installere 3.parts programmer

Jeg har et stort problem, som startede da jeg købte Internet Security. Efter installationen opdagede jeg senerepå dagen at den var deaktiveret, og så skullejeg bruge min key igen. Og min computer opføre sig underlig. Den er Utrolig langsom. Deteren AMD 3200 med 1GBram. Og opstarten tog ca 20-30 min. Hvergang. Og der popper masser af programmer som jeg bliver anbefalet at købe. Alså det jeg ville beskytte mig imod, er lige pludselig endt på min computer, efter jeg har installeret et program imod det.  Computeren fryser i længere tid, lommelygten kommer frem når jeg vil ind i kontrolpanelet, og der står den og søger i måske 5-10 min, hvis det dukker frem.

Symantec vidrestiller bare, og deres online side forslår at løse mine problemer ved at jeg skal købe endnu et Symantec program SystemWorks 2006.

Jeg har kørt Nod32 30 days trail igennem på computeren, og den fandt en masse som den fjernede stod der.

Og nu har jeg afindstalleret Internet Security 2006, og computeren køre i normal hastighed. Men de mange popups er der stadevæk, også efter jeg har kørt ewido igennem som fandt 44 ting bla.

Adware.virtumonde
Dropper.small
Adware.Look2me
Not-A-virus.monitor.win32.netmon.a
Adware.mediatickets
Dropper.VB.mz
Trojan.Purityad
Downloader.Purityscan.cq
Trojan.Sinowal.aa
Adware.coolwebsearch
Downloader.small.cvw  med flere.

Jeg er lige blevet forslåret at købe en rejse,WinAntiVirus 2006, TrojanSPM/LX Fjerner, SerwabAntivirus, Safeclean, og det forsætter. hvordan kommer jeg af med det skidt. Og hvorfor virker Norton Antivirus modsat?
Jeg køre med fuldt opdateret win xp home sp2, og der var ingen problemer før Symantec produktet blev installeret.
Avatar billede forevernewbie Nybegynder
04. juli 2006 - 01:28 #1
Norton i en nøddeskal. Man betaler for det i dyre domme, og når det skal beskytte, så lader det sig deaktivere af skidtet. Deres ikke eksisterende support foreslår bare at man køber mere af deres skrammel. Magen til opreklameret l.rt skal man lede længe efter.

Der er heldigvis scannere som virker. Kør de to scannere her, og kopier en HijackThis log her ind i tråden  http://www.eksperten.dk/artikler/954
Avatar billede jonas_a Nybegynder
04. juli 2006 - 04:57 #2
Logfile of HijackThis v1.99.1
Scan saved at 04:56:36, on 04-07-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Programmer\QuickTime\qttask.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
D:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\apps\skype\phone\Skype.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\Cordless USB Phone\Cordless DUALphone Suite.exe
D:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
D:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Programmer\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\wincmd\TOTALCMD.EXE
D:\Documents and Settings\Yonaz\Skrivebord\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\dan.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Qxl Ricardo Toolbar - {DAA9F4A6-996D-44d7-AE05-E5449D517DF6} - C:\PROGRA~1\QXLRIC~1\QXLRIC~1\QXLTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [EmailChecker] C:\APPS\EmailChecker\ech.exe
O4 - HKLM\..\Run: [QXLDeamon] C:\Programmer\Qxl Ricardo\Qxl Ricardo Tools\QXLDeamon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HP Software Update] D:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Skype] "c:\apps\skype\phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [zfim] C:\PROGRA~1\FÆLLES~1\zfim\zfimm.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cordless DUALphone opstart.lnk = C:\Programmer\Cordless USB Phone\Cordless DUALphone Suite.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141861173687
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D1A4220-D527-4FB1-B16C-D67EF514BEF6}: NameServer = 212.242.40.3,212.242.40.51
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe




=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.06080)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2006-07-04, 03:55:41 [Jonas][Yonaz]
Command-line: "D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Home Edition x86 (Build 2600), Service Pack 2
=============================================================================
Engine version: 4.33 (4.33.3.06020)
Engine API version: 2.01
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crwtoday.cdb - 170 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43342.cdb - 744 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43341.cdb - 841 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43340.cdb - 822 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43339.cdb - 1071 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43338.cdb - 989 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43337.cdb - 855 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43336.cdb - 1297 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43335.cdb - 1195 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43334.cdb - 900 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43333.cdb - 1381 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43332.cdb - 1340 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43331.cdb - 2735 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43330.cdb - 2078 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43329.cdb - 2490 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43328.cdb - 743 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43327.cdb - 958 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43326.cdb - 793 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43325.cdb - 713 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43324.cdb - 655 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43323.cdb - 655 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43322.cdb - 778 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43321.cdb - 846 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43320.cdb - 808 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43319.cdb - 764 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43318.cdb - 838 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43317.cdb - 363 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43316.cdb - 730 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43315.cdb - 627 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43314.cdb - 824 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43313.cdb - 842 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43312.cdb - 830 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43311.cdb - 862 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43310.cdb - 853 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43309.cdb - 733 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43308.cdb - 708 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43307.cdb - 839 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43306.cdb - 930 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43305.cdb - 759 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43304.cdb - 721 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43303.cdb - 638 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43302.cdb - 806 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43301.cdb - 504 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crw43300.cdb - 24 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crwebase.cdb - 78674 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\cwrtoday.cdb - 98 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\cwr43301.cdb - 697 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crwrisky.cdb - 1271 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\cwntoday.cdb - 211 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\cwn43303.cdb - 766 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\cwn43302.cdb - 850 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\cwn43301.cdb - 773 virus records
[Virus base] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\crwnasty.cdb - 4867 virus records
Total virus records: 128259
Key file: D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

[Scan path] C:\WINDOWS\system32\smss.exe
[Scan path] C:\WINDOWS\system32\csrss.exe
[Scan path] C:\WINDOWS\system32\winlogon.exe
[Scan path] C:\WINDOWS\system32\services.exe
[Scan path] C:\WINDOWS\system32\lsass.exe
[Scan path] C:\WINDOWS\system32\svchost.exe
[Scan path] C:\WINDOWS\system32\userinit.exe
[Scan path] C:\WINDOWS\explorer.exe
[Scan path] C:\WINDOWS\System32\Wbem\wmiprvse.exe
[Scan path] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\_start.exe
[Scan path] D:\DOCUME~1\Yonaz\LOKALE~1\Temp\RarSFX1\cureit.exe
[Scan path] c:\windows\system32\ime\tintlgnt\tintsetp.exe
[Scan path] C:\WINDOWS\SOUNDMAN.EXE
[Scan path] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
[Scan path] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
[Scan path] C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\monitor.exe
[Scan path] c:\Apps\Powercinema\PCMService.exe
[Scan path] c:\apps\ABoard\ABoard.exe
[Scan path] C:\Programmer\Qxl Ricardo\Qxl Ricardo Tools\QXLDeamon.exe
[Scan path] C:\Programmer\QuickTime\qttask.exe
[Scan path] C:\WINDOWS\system32\bthprops.cpl
[Scan path] C:\WINDOWS\system32\rundll32.exe
[Scan path] C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
[Scan path] D:\Programmer\HP\HP Software Update\HPWuSchd2.exe
[Scan path] c:\apps\skype\phone\Skype.exe
[Scan path] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
[Scan path] C:\WINDOWS\system32\CTFMON.EXE
[Scan path] D:\Documents and Settings\Yonaz\Menuen Start\Programmer\Start\desktop.ini
[Scan path] C:\Programmer\WIDCOMM\Bluetooth-software\BTTray.exe
[Scan path] C:\Programmer\Cordless USB Phone\Cordless DUALphone Suite.exe
[Scan path] D:\Documents and Settings\All Users\Menuen Start\Programmer\Start\desktop.ini
[Scan path] D:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
[Scan path] C:\WINDOWS\system32\mmsys.cpl
[Scan path] C:\WINDOWS\system32\icmui.dll
[Scan path] C:\WINDOWS\system32\rshx32.dll
[Scan path] C:\WINDOWS\system32\docprop.dll
[Scan path] C:\WINDOWS\system32\ntshrui.dll
[Scan path] C:\WINDOWS\system32\themeui.dll
[Scan path] C:\WINDOWS\system32\deskadp.dll
[Scan path] C:\WINDOWS\system32\deskmon.dll
[Scan path] C:\WINDOWS\system32\dssec.dll
[Scan path] C:\WINDOWS\system32\SlayerXP.dll
[Scan path] C:\WINDOWS\system32\shscrap.dll
[Scan path] C:\WINDOWS\system32\diskcopy.dll
[Scan path] C:\WINDOWS\system32\ntlanui2.dll
[Scan path] C:\WINDOWS\system32\printui.dll
[Scan path] C:\WINDOWS\system32\dskquoui.dll
[Scan path] C:\WINDOWS\system32\syncui.dll
[Scan path] C:\WINDOWS\system32\hticons.dll
[Scan path] C:\WINDOWS\system32\fontext.dll
[Scan path] C:\WINDOWS\system32\deskperf.dll
[Scan path] C:\WINDOWS\system32\cryptext.dll
[Scan path] C:\WINDOWS\system32\NETSHELL.dll
[Scan path] C:\WINDOWS\system32\wiashext.dll
[Scan path] C:\WINDOWS\system32\remotepg.dll
[Scan path] C:\WINDOWS\system32\wshext.dll
[Scan path] C:\Programmer\Fælles filer\System\Ole DB\oledb32.dll
[Scan path] C:\WINDOWS\system32\mstask.dll
[Scan path] C:\WINDOWS\system32\shdocvw.dll
[Scan path] C:\WINDOWS\system32\wuaucpl.cpl
[Scan path] C:\WINDOWS\system32\twext.dll
[Scan path] C:\WINDOWS\system32\shmedia.dll
[Scan path] C:\WINDOWS\system32\browseui.dll
[Scan path] C:\WINDOWS\system32\sendmail.dll
[Scan path] C:\WINDOWS\system32\occache.dll
[Scan path] C:\WINDOWS\system32\webcheck.dll
[Scan path] C:\WINDOWS\system32\appwiz.cpl
[Scan path] C:\WINDOWS\system32\shimgvw.dll
[Scan path] C:\WINDOWS\system32\netplwiz.dll
[Scan path] C:\WINDOWS\system32\zipfldr.dll
[Scan path] C:\WINDOWS\system32\cdfview.dll
[Scan path] C:\WINDOWS\system32\extmgr.dll
[Scan path] C:\WINDOWS\system32\msieftp.dll
[Scan path] C:\WINDOWS\system32\docprop2.dll
[Scan path] C:\WINDOWS\system32\dsquery.dll
[Scan path] C:\WINDOWS\system32\dsuiext.dll
[Scan path] C:\WINDOWS\system32\mydocs.dll
[Scan path] C:\WINDOWS\System32\cscui.dll
[Scan path] C:\WINDOWS\msagent\agentpsh.dll
[Scan path] C:\WINDOWS\system32\dfsshlex.dll
[Scan path] C:\WINDOWS\system32\photowiz.dll
[Scan path] C:\WINDOWS\System32\mmcshext.dll
[Scan path] C:\WINDOWS\system32\cabview.dll
[Scan path] C:\Programmer\Outlook Express\wabfind.dll
[Scan path] C:\WINDOWS\system32\wmpshell.dll
[Scan path] C:\WINDOWS\system32\mscoree.dll
[Scan path] C:\WINDOWS\system32\Audiodev.dll
[Scan path] C:\Programmer\Real\RealPlayer\rpshell.dll
[Scan path] C:\Apps\RecordNow\shlext.dll
[Scan path] C:\WINDOWS\system32\upnpui.dll
[Scan path] C:\WINDOWS\system32\btneighborhood.dll
[Scan path] C:\Programmer\WinRAR\rarext.dll
[Scan path] C:\WINDOWS\system32\mljgh.dll
>C:\WINDOWS\system32\mljgh.dll infected with Trojan.Virtumod - will be cured after reboot

[Scan path] C:\WINDOWS\system32\SHELL32.dll
[Scan path] C:\WINDOWS\system32\stobject.dll
[Scan path] C:\WINDOWS\system32\Ati2evxx.dll
[Scan path] C:\WINDOWS\system32\crypt32.dll
[Scan path] C:\WINDOWS\system32\cryptnet.dll
[Scan path] C:\WINDOWS\system32\cscdll.dll
[Scan path] C:\WINDOWS\system32\wlnotify.dll
[Scan path] C:\WINDOWS\system32\sclgntfy.dll
[Scan path] C:\WINDOWS\system32\WgaLogon.dll
[Scan path] C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
[Scan path] C:\WINDOWS\system32\DRIVERS\ACPI.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\adpu160m.sys
[Scan path] C:\WINDOWS\system32\drivers\aec.sys
[Scan path] C:\WINDOWS\System32\drivers\afd.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\agp440.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\aha154x.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\aic78u2.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\aic78xx.sys
[Scan path] C:\WINDOWS\system32\drivers\ALCXWDM.SYS
[Scan path] c:\windows\system32\svchost.exe
[Scan path] C:\WINDOWS\System32\alg.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\aliide.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\alim1541.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\amdagp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\AmdK8.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\amsint.sys
[Scan path] C:\WINDOWS\System32\Drivers\AnyDVD.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\arp1394.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\asc.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\asc3350p.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\asc3550.sys
[Scan path] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\asyncmac.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\atapi.sys
[Scan path] C:\WINDOWS\system32\Ati2evxx.exe
[Scan path] C:\WINDOWS\system32\ati2sgag.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\atmarpc.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\audstub.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\btaudio.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\btport.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\BthEnum.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\bthpan.sys
[Scan path] C:\WINDOWS\System32\Drivers\BTHport.sys
[Scan path] C:\WINDOWS\System32\Drivers\BTHUSB.sys
[Scan path] C:\WINDOWS\system32\drivers\btkrnl.sys
[Scan path] C:\WINDOWS\system32\drivers\btserial.sys
[Scan path] C:\WINDOWS\system32\drivers\btslbcsp.sys
[Scan path] C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\btwdndis.sys
[Scan path] C:\WINDOWS\System32\Drivers\btwusb.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\cdrom.sys
[Scan path] C:\WINDOWS\system32\cisvc.exe
[Scan path] c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
[Scan path] C:\WINDOWS\system32\clipsrv.exe
[Scan path] c:\APPS\Powercinema\Kernel\TV\CLSched.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\cmdide.sys
[Scan path] c:\windows\system32\dllhost.exe
[Scan path] C:\WINDOWS\system32\Drivers\CO_Mon.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\cpqarray.sys
[Scan path] C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\dac960nt.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\disk.sys
[Scan path] c:\windows\system32\dmadmin.exe
[Scan path] C:\WINDOWS\System32\drivers\dmboot.sys
[Scan path] C:\WINDOWS\System32\drivers\dmio.sys
[Scan path] C:\WINDOWS\System32\drivers\dmload.sys
[Scan path] C:\WINDOWS\system32\drivers\DMusic.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\dpti2o.sys
[Scan path] C:\WINDOWS\system32\drivers\drmkaud.sys
[Scan path] C:\Programmer\Fælles filer\Symantec Shared\EENGINE\eeCtrl.sys
[Scan path] C:\WINDOWS\System32\Drivers\ElbyCDIO.sys
[Scan path] C:\Programmer\ewido\security suite\ewidoctrl.exe
[Scan path] C:\Programmer\ewido\security suite\guard.sys
[Scan path] C:\Programmer\ewido\security suite\ewidoguard.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\fdc.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\fltMgr.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ftdisk.sys
[Scan path] c:\APPS\HIDSERVICE\HIDSERVICE.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\msgpc.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\hidusb.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\hpn.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\HPZid412.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\HPZius12.sys
[Scan path] C:\WINDOWS\System32\Drivers\HTTP.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\i2omp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\i8042prt.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\imapi.sys
[Scan path] C:\WINDOWS\system32\imapi.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\ini910u.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\intelide.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ipinip.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ipnat.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ipsec.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\irenum.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\isapnp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\kbdclass.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\kbdhid.sys
[Scan path] C:\WINDOWS\system32\drivers\kmixer.sys
[Scan path] C:\WINDOWS\system32\mnmsrvc.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\mouclass.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\mouhid.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\MPE.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\mraid35x.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\mrxdav.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
[Scan path] C:\WINDOWS\system32\msdtc.exe
[Scan path] c:\windows\system32\msiexec.exe
[Scan path] C:\WINDOWS\system32\drivers\MSKSSRV.sys
[Scan path] C:\WINDOWS\system32\drivers\MSPCLOCK.sys
[Scan path] C:\WINDOWS\system32\drivers\MSPQM.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\mssmbios.sys
[Scan path] C:\WINDOWS\system32\drivers\MSTEE.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\NdisIP.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ndistapi.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ndisuio.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ndiswan.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\netbios.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\netbt.sys
[Scan path] C:\WINDOWS\system32\netdde.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\nic1394.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\NMnt.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ohci1394.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\parport.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\pci.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\pciide.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\perc2.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\perc2hib.sys
[Scan path] C:\WINDOWS\system32\HPZipm12.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\raspptp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\processr.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\psched.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ptilink.sys
[Scan path] C:\WINDOWS\System32\Drivers\PxHelp20.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ql1080.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ql12160.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ql1240.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ql1280.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\rasacd.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\raspppoe.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\raspti.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\rdbss.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\rdpdr.sys
[Scan path] C:\WINDOWS\system32\sessmgr.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\redbook.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\rfcomm.sys
[Scan path] C:\WINDOWS\system32\locator.exe
[Scan path] C:\WINDOWS\system32\rsvp.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
[Scan path] C:\Programmer\SUPERAntiSpyware\SASDIFSV.SYS
[Scan path] C:\Programmer\SUPERAntiSpyware\SASENUM.SYS
[Scan path] C:\Programmer\SUPERAntiSpyware\SASKUTIL.sys
[Scan path] C:\WINDOWS\System32\SCardSvr.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\secdrv.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\serenum.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\serial.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\sisagp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\SLIP.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\sparrow.sys
[Scan path] C:\WINDOWS\system32\drivers\splitter.sys
[Scan path] C:\WINDOWS\system32\spoolsv.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\sr.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\srv.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\StreamIP.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\swenum.sys
[Scan path] C:\WINDOWS\system32\drivers\swmidi.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\symc810.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\symc8xx.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\sym_hi.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\sym_u3.sys
[Scan path] C:\WINDOWS\system32\drivers\sysaudio.sys
[Scan path] C:\WINDOWS\system32\smlogsvc.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\tcpip.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\termdd.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\toside.sys
[Scan path] C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\ultra.sys
[Scan path] C:\WINDOWS\system32\wdfmgr.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\update.sys
[Scan path] C:\WINDOWS\System32\ups.exe
[Scan path] C:\WINDOWS\system32\drivers\usbaudio.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbccgp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbehci.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbhub.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbohci.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbprint.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbscan.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
[Scan path] C:\WINDOWS\System32\drivers\vga.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\viaagp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\viaide.sys
[Scan path] C:\WINDOWS\System32\vssvc.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\wanarp.sys
[Scan path] C:\WINDOWS\system32\drivers\wdmaud.sys
[Scan path] C:\Programmer\Windows Media Connect 2\wmccds.exe
[Scan path] C:\WINDOWS\system32\wbem\wmiapsrv.exe
[Scan path] C:\WINDOWS\System32\drivers\ws2ifsl.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
[Scan path] C:\WINDOWS\system32\ntsd.exe
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 313
Infected objects found: 1
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 3910 Kb/s
Scan time: 00:00:19
-----------------------------------------------------------------------------

[Scan path] C:\
>C:\Programmer\WinRAR\Dos.SFX>C:\WINDOWS\system32\mljgh.dll infected with Trojan.Virtumod - will be cured after reboot
C:\WINDOWS\system32\config\DEFAULT - read error
C:\WINDOWS\system32\config\default.LOG - read error
C:\WINDOWS\system32\config\SAM - read error
C:\WINDOWS\system32\config\SAM.LOG - read error
C:\WINDOWS\system32\config\SECURITY - read error
C:\WINDOWS\system32\config\SECURITY.LOG - read error
C:\WINDOWS\system32\config\SOFTWARE - read error
C:\WINDOWS\system32\config\software.LOG - read error
C:\WINDOWS\system32\config\SYSTEM - read error
C:\WINDOWS\system32\config\system.LOG - read error

[Scan path] D:\
D:\Documents and Settings\LocalService\NTUSER.DAT - read error
D:\Documents and Settings\LocalService\NTUSER~1.LOG - read error
D:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat - read error
D:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
D:\Documents and Settings\NetworkService\NTUSER.DAT - read error
D:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
D:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat - read error
D:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
D:\Documents and Settings\Yonaz\NTUSER.DAT - read error
D:\Documents and Settings\Yonaz\NTUSER~1.LOG - read error
D:\Documents and Settings\Yonaz\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat - read error
D:\Documents and Settings\Yonaz\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 79889
Infected objects found: 1
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 2858 Kb/s
Scan time: 00:19:51
-----------------------------------------------------------------------------

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 80202
Infected objects found: 2
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 2875 Kb/s
Scan time: 00:20:10
=============================================================================


SUPERAntiSpyware Scan Log
Generated 07/04/2006 at 03:44 AM

Core Rules Database Version : 3005
Trace Rules Database Version: 1079

Memory threats detected  : 0
Registry threats detected : 52
File threats detected    : 29

Adware.CoolWebSearch
    HKLM\Software\Classes\CLSID\{2D38A51A-23C9-48a1-A33C-48675AA2B494}
    HKCR\CLSID\{2D38A51A-23C9-48a1-A33C-48675AA2B494}
    HKCR\CLSID\{2D38A51A-23C9-48a1-A33C-48675AA2B494}
    HKCR\CLSID\{2D38A51A-23C9-48a1-A33C-48675AA2B494}\InprocServer32
    HKCR\CLSID\{2D38A51A-23C9-48a1-A33C-48675AA2B494}\InprocServer32#ThreadingModel
    HKCR\CLSID\{2D38A51A-23C9-48a1-A33C-48675AA2B494}\ProgID
    HKCR\CLSID\{2D38A51A-23C9-48a1-A33C-48675AA2B494}\Programmable
    HKCR\CLSID\{2D38A51A-23C9-48a1-A33C-48675AA2B494}\TypeLib
    HKCR\CLSID\{2D38A51A-23C9-48a1-A33C-48675AA2B494}\VersionIndependentProgID
    C:\WINDOWS\winres.dll

Unclassified.Unknown Origin
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{74CD40EA-EF77-4BAD-808A-B5982DA73F20}

Adware.Tracking Cookie
    D:\Documents and Settings\Yonaz\Cookies\yonaz@e2.emediate[2].txt
    D:\Documents and Settings\Yonaz\Cookies\yonaz@dk.winantivirus[2].txt
    D:\Documents and Settings\Yonaz\Cookies\yonaz@advertising[2].txt
    D:\Documents and Settings\Yonaz\Cookies\yonaz@indexstats[1].txt
    D:\Documents and Settings\Yonaz\Cookies\yonaz@winantivirus[1].txt
    D:\Documents and Settings\Yonaz\Cookies\yonaz@atdmt[1].txt
    D:\Documents and Settings\Yonaz\Cookies\yonaz@doubleclick[1].txt
    D:\Documents and Settings\Yonaz\Cookies\yonaz@stats1.reliablestats[2].txt
    D:\Documents and Settings\Yonaz\Cookies\yonaz@ad1.emediate[2].txt
    D:\Documents and Settings\Yonaz\Cookies\yonaz@2o7[2].txt
    D:\Documents and Settings\Yonaz\Cookies\yonaz@mediaplex[1].txt
    D:\Documents and Settings\Yonaz\Cookies\yonaz@tribalfusion[1].txt
    D:\Documents and Settings\Yonaz\Cookies\yonaz@statse.webtrendslive[1].txt
    D:\Documents and Settings\Yonaz\Cookies\yonaz@www.winantiviruspro[2].txt
    D:\Documents and Settings\Yonaz\Cookies\yonaz@tradedoubler[1].txt
    D:\Documents and Settings\Yonaz\Cookies\yonaz@ad.yieldmanager[1].txt
    D:\Documents and Settings\Yonaz\Cookies\yonaz@adtech[2].txt
    D:\Documents and Settings\Yonaz\Lokale indstillinger\Temp\Cookies\yonaz@track.adform[1].txt
    D:\Documents and Settings\Yonaz\Lokale indstillinger\Temp\Cookies\yonaz@www.popupsandbanners[2].txt

Trojan.SpySheriff
    C:\Program Files\SpySheriff\SpySheriff.exe
    C:\Program Files\SpySheriff

Trojan.NetMon/DNSChange
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR#NextInstance
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Service
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Legacy
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ConfigFlags
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Class
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ClassGUID
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#DeviceDesc

Trojan.cmdService
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE#NextInstance
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Service
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Legacy
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ConfigFlags
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Class
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ClassGUID
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#DeviceDesc

Trojan.Unknown Origin
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}#SystemComponent
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}#Installer
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\Contains
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\DownloadInformation
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\DownloadInformation#CODEBASE
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\InstalledVersion
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\InstalledVersion#LastModified
    C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP79\A0059226.vbs
    C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP79\A0059228.vbs
    C:\WINDOWS\teller2.chk

Trojan.SmartLoad
    HKLM\Software\Microsoft\drsmartload2
    HKLM\Software\Microsoft\drsmartload2#Installed
    C:\WINDOWS\drsmartload2.dat

Browser Hijacker.Internet Explorer Settings Hijack
    HKU\S-1-5-21-1701260644-1454673290-3274838521-1006\Software\Microsoft\Internet Explorer\Main#Search Page [ prosearching.com ]
    HKLM\Software\Microsoft\Internet Explorer\Main#Search Page [ prosearching.com ]
    HKU\S-1-5-21-1701260644-1454673290-3274838521-1006\Software\Microsoft\Internet Explorer\Main#Local Page [ prosearching.com ]
    HKLM\Software\Microsoft\Internet Explorer\Main#Local Page [ prosearching.com ]
    HKU\S-1-5-21-1701260644-1454673290-3274838521-1006\Software\Microsoft\Internet Explorer\Main#Default_Search_URL [ prosearching.com ]
    HKLM\Software\Microsoft\Internet Explorer\Main#Default_Search_URL [ prosearching.com ]
    HKU\S-1-5-21-1701260644-1454673290-3274838521-1006\Software\Microsoft\Internet Explorer\Main#Search Bar [ http://www.2020search.com/search/9884/search.html ]
    HKLM\Software\Microsoft\Internet Explorer\Main#Search Bar [ http://www.2020search.com/search/9884/search.html ]
    HKU\S-1-5-21-1701260644-1454673290-3274838521-1006\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main#Default_Search_URL [ http://searchbar.findthewebsiteyouneed.com ]

Adware.ClickSpring/Yazzle
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YazzleActiveX.ocx
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YazzleActiveX.ocx#.Owner
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YazzleActiveX.ocx#{74CD40EA-EF77-4BAD-808A-B5982DA73F20}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\YazzleActiveX.ocx [  ]
    C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP79\A0059229.exe

Trojan.Homepage/Puper
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#wininet.dll [ regperf.exe ]

TargetSaver, Inc. Process
    C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP79\A0059235.exe

Trojan.IBM/Shell
    C:\WINDOWS\PREFETCH\IBM00003.EXE-05709EA1.pf
Avatar billede fromsej Praktikant
04. juli 2006 - 08:50 #3
Kommentar: forevernewbie 04/07-2006 01:28:31 >> Som talt ud af mit hjerte. ;-)
http://www.fromsej.dk/html/norton.html

Men den maskine er også godt og vel inficeret.

Mens Forevernewbie er offline, kan jeg lige sætte en enkelt scanning i gang, Dr.Web fandt spor af Virtumondo, det skal vi lige være sikre på er helt aflivet.

-- Download dette fix til rodbiblioteket på din computer (som regel c:\):
http://www.atribune.org/ccount/click.php?id=4

-- Dobbeltklik på VundoFix.exe for at køre det. Sæt flueben ud for "Run VundoFix as a task". Du vil få en besked om at Vundofix vil lukke og genåbne indenfor ca. et minut. Klik på OK.

-- Når Vundofix genåbner, skal du klikke på "Scan for Vundo"-knappen.

-- Når den er færdig med at scanne, skal du klikke på "Remove Vundo"-knappen.

-- Du vil så blive spurgt om du er sikker på, at du vil fjerne filerne. Her skal du klikke på "Yes". Herefter bliver dit skrivebord blankt, og fixet vil forsøge at fjerne Vundo. Når den er færdig, vil værktøjet have lov til at lukke computeren ned. Det skal du acceptere.

-- Genstart herefter computeren, og lav en ny log med HJT, som du lægger herind. Læg også indholdet af denne fil herind: C:\vundofix.txt
Avatar billede jonas_a Nybegynder
04. juli 2006 - 12:09 #4
Tak fordi i gider at hjælpe.


VundoFix V4.2.84

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Sun Java not detected
Scan started at 11:58:11 04-07-2006

Listing files found while scanning....


C:\WINDOWS\system32\hgjlm.bak1
C:\WINDOWS\system32\hgjlm.bak2
C:\WINDOWS\system32\hgjlm.tmp
C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\hgjlm.ini2
C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\hgjlm.ini2
C:\WINDOWS\system32\hgjlm.bak2
C:\WINDOWS\system32\hgjlm.tmp
C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\hgjlm.ini2
C:\WINDOWS\system32\mljgh.dll
Attempting to delete C:\WINDOWS\system32\hgjlm.bak1
C:\WINDOWS\system32\hgjlm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgjlm.bak2
C:\WINDOWS\system32\hgjlm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgjlm.tmp
C:\WINDOWS\system32\hgjlm.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\hgjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgjlm.ini2
C:\WINDOWS\system32\hgjlm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\mljgh.dll Has been deleted!

Performing Repairs to the registry.
Done!




Logfile of HijackThis v1.99.1
Scan saved at 12:06:21, on 04-07-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\system32\rundll32.exe
C:\apps\ABoard\AOSD.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
D:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Cordless USB Phone\Cordless DUALphone Suite.exe
D:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
D:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Programmer\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Internet Explorer\iexplore.exe
D:\Documents and Settings\Yonaz\Skrivebord\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\dan.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {6566A2B3-A0D9-48A6-9AB6-E57DE9932773} - C:\WINDOWS\system32\mljgh.dll (file missing)
O3 - Toolbar: Qxl Ricardo Toolbar - {DAA9F4A6-996D-44d7-AE05-E5449D517DF6} - C:\PROGRA~1\QXLRIC~1\QXLRIC~1\QXLTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [EmailChecker] C:\APPS\EmailChecker\ech.exe
O4 - HKLM\..\Run: [QXLDeamon] C:\Programmer\Qxl Ricardo\Qxl Ricardo Tools\QXLDeamon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HP Software Update] D:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Skype] "c:\apps\skype\phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [zfim] C:\PROGRA~1\FÆLLES~1\zfim\zfimm.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cordless DUALphone opstart.lnk = C:\Programmer\Cordless USB Phone\Cordless DUALphone Suite.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141861173687
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D1A4220-D527-4FB1-B16C-D67EF514BEF6}: NameServer = 212.242.40.3,212.242.40.51
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\j0j6la1s1d.dll (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\l2r0lc9m1f.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
Avatar billede forevernewbie Nybegynder
04. juli 2006 - 17:02 #5
Nu er Vundo trojaneren væk, og så må vi tjekke om L2M og Smitfraud infektionerne også er væk.

1. Hent Look2Me-Destroyer herfra:

http://www.atribune.org/ccount/click.php?id=7
Gem værktøjet på dit Skrivebord.

2. Luk alle åbne programvinduer - inklusiv Internet Explorer.

3. Dobbeltklik på Look2Me-Destroyer, sæt et flueben i "Run this program as a task". Du får en meddelelse om, at Look2Me-Destroyer vil lukke og åbne efter 10 sekunder - klik på OK.

4. Hvis din firewall vil blokere Look2Me-Destroyers adgang til nettet, så skal du lade programmet få adgang.
Hvis du får en runtime error 339, så skal du hente MSWINSCK.OCX herfra:
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
Læg den ned i mappen C:\Windows\System32.

5. Når Look2Me-Destroyer genåbner - klik på "Scan for L2M" - dine ikoner forsvinder - klik "Remove L2M". Klik OK når du får meddelelsen "Done scanning". Nu får du meddelelsen "Done removing infected files!. Programmet vil lukke din computer - klik OK.

Kopier Look2Me-Destroyer´s log her ind.

Hvis din firewall vil blokere Look2Me-Destroyers adgang til nettet, så skal du lade programmet få adgang.

Hvis du får en runtime error 339, så skal du hente MSWINSCK.OCX herfra:
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
...og placere den i mappen C:\Windows\System32 Directory.


-----------------------------------------------------------


1. Hent og pak SmitfraudFix.zip ud til dit Skrivebord.

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Programmet pakker sig ud i en mappe, der hedder SmitfraudFix.


2. Genstart i fejlsikret (tast f8 flere gange under opstart), hvis du ikke kan, så kig her:

http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1


3. Åbn mappen SmitfraudFix som du fik på Skrivebordet, og dobbeltklik på SmitfraudFix.cmd og tast 2 - svar ja til at rense (y=yes). Lad programmet gennemføre en rensning. Fixet genstarter muligvis computeren.


SmitfraudFix laver også en lille tekstfil (log). Kopier den her ind, sammen med en frisk HijackThis log.
Avatar billede jonas_a Nybegynder
05. juli 2006 - 10:12 #6
SmitFraudFix v2.67

Scan done at 10:07:42,96, 05-07-2006
Run from D:\Documents and Settings\Yonaz\Skrivebord\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\keyboard1.dat Deleted
C:\WINDOWS\newname.dat Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 05-07-2006 09:50:06

Infected! C:\WINDOWS\system32\j0j6la1s1d.dll
Infected! C:\WINDOWS\system32\l2r0lc9m1f.dll

Attempting to delete infected files...

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CSCSettings
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SMDEn

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{6E90AC81-48FE-4236-A483-9985DA5FEB22}"
HKCR\Clsid\{6E90AC81-48FE-4236-A483-9985DA5FEB22}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{7076E4DD-5B77-4D56-AF5C-241218418772}"
HKCR\Clsid\{7076E4DD-5B77-4D56-AF5C-241218418772}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administratorer - Succeeded


Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Jeg genstarter lige og laver en frisk HijackThis log.
Avatar billede jonas_a Nybegynder
05. juli 2006 - 10:17 #7
Logfile of HijackThis v1.99.1
Scan saved at 10:16:02, on 05-07-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\apps\ABoard\AOSD.exe
D:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\apps\skype\phone\Skype.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Cordless USB Phone\Cordless DUALphone Suite.exe
D:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
D:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Programmer\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Yonaz\Skrivebord\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {6566A2B3-A0D9-48A6-9AB6-E57DE9932773} - C:\WINDOWS\system32\mljgh.dll (file missing)
O3 - Toolbar: Qxl Ricardo Toolbar - {DAA9F4A6-996D-44d7-AE05-E5449D517DF6} - C:\PROGRA~1\QXLRIC~1\QXLRIC~1\QXLTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [EmailChecker] C:\APPS\EmailChecker\ech.exe
O4 - HKLM\..\Run: [QXLDeamon] C:\Programmer\Qxl Ricardo\Qxl Ricardo Tools\QXLDeamon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HP Software Update] D:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Skype] "c:\apps\skype\phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [zfim] C:\PROGRA~1\FÆLLES~1\zfim\zfimm.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cordless DUALphone opstart.lnk = C:\Programmer\Cordless USB Phone\Cordless DUALphone Suite.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141861173687
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D1A4220-D527-4FB1-B16C-D67EF514BEF6}: NameServer = 212.242.40.3,212.242.40.51
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
Avatar billede forevernewbie Nybegynder
05. juli 2006 - 15:36 #8
Nu ser det bedre ud.


Hent DelDomains.inf
http://www.mvps.org/winhelp2002/DelDomains.inf

højreklik på DelDomains.inf og vælg: Install
Dette vil fjerne alle entries I trusted zone

------------------------------------------------------------------


For at kunne se alle filer:

Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

-----------------------------------------------------------------

Kør en scanning med HijackThis, så du kan se alle filer. Luk alle vinduer, sæt flueben ved disse linier, og klik fix checked.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O2 - BHO: (no name) - {6566A2B3-A0D9-48A6-9AB6-E57DE9932773} - C:\WINDOWS\system32\mljgh.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)


O4 - HKCU\..\Run: [zfim] C:\PROGRA~1\FÆLLES~1\zfim\zfimm.exe Kan du selv sige god for den ? Spil måske ? Ellers upload exefilen til scanning her http://virusscan.jotti.org/ og her http://www.virustotal.com/en/indexf.html Er du tvivl, så fix den.


Slet denne fil:

C:\Programmer\Fælles filer\Real\Update_OB\ realsched.exe <- Slet filen


Slet denne mappe (hvis du fixer den):

C:\PROGRA~1\FÆLLES~1\ zfim <- Slet mappen


Genstart, og kom med en frisk HijackThis log.
Avatar billede jonas_a Nybegynder
06. juli 2006 - 09:15 #9
Logfile of HijackThis v1.99.1
Scan saved at 09:12:51, on 06-07-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\apps\ABoard\AOSD.exe
D:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Cordless USB Phone\Cordless DUALphone Suite.exe
D:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
D:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Programmer\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
D:\Documents and Settings\Yonaz\Skrivebord\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Qxl Ricardo Toolbar - {DAA9F4A6-996D-44d7-AE05-E5449D517DF6} - C:\PROGRA~1\QXLRIC~1\QXLRIC~1\QXLTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [EmailChecker] C:\APPS\EmailChecker\ech.exe
O4 - HKLM\..\Run: [QXLDeamon] C:\Programmer\Qxl Ricardo\Qxl Ricardo Tools\QXLDeamon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] D:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Skype] "c:\apps\skype\phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [zfim] C:\PROGRA~1\FÆLLES~1\zfim\zfimm.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cordless DUALphone opstart.lnk = C:\Programmer\Cordless USB Phone\Cordless DUALphone Suite.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141861173687
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D1A4220-D527-4FB1-B16C-D67EF514BEF6}: NameServer = 212.242.40.3,212.242.40.51
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
Avatar billede jonas_a Nybegynder
06. juli 2006 - 09:19 #10
Ups jeg var lidt for hurtigt, nu har jeg genstartet og lavet en ny log

Logfile of HijackThis v1.99.1
Scan saved at 09:18:04, on 06-07-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
C:\apps\ABoard\AOSD.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\rundll32.exe
D:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\apps\skype\phone\Skype.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Programmer\Cordless USB Phone\Cordless DUALphone Suite.exe
D:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Programmer\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
D:\Documents and Settings\Yonaz\Skrivebord\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Qxl Ricardo Toolbar - {DAA9F4A6-996D-44d7-AE05-E5449D517DF6} - C:\PROGRA~1\QXLRIC~1\QXLRIC~1\QXLTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [EmailChecker] C:\APPS\EmailChecker\ech.exe
O4 - HKLM\..\Run: [QXLDeamon] C:\Programmer\Qxl Ricardo\Qxl Ricardo Tools\QXLDeamon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] D:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Skype] "c:\apps\skype\phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [zfim] C:\PROGRA~1\FÆLLES~1\zfim\zfimm.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cordless DUALphone opstart.lnk = C:\Programmer\Cordless USB Phone\Cordless DUALphone Suite.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141861173687
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D1A4220-D527-4FB1-B16C-D67EF514BEF6}: NameServer = 212.242.40.3,212.242.40.51
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
Avatar billede jonas_a Nybegynder
06. juli 2006 - 09:46 #11
Jeg slettede dem med Symantec, O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm og
O4 - HKCU\..\Run: [zfim] C:\PROGRA~1\FÆLLES~1\zfim\zfimm.exe
måtte jeg slette igen


Logfile of HijackThis v1.99.1
Scan saved at 09:42:50, on 06-07-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
C:\apps\ABoard\AOSD.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\rundll32.exe
D:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\apps\skype\phone\Skype.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Programmer\Cordless USB Phone\Cordless DUALphone Suite.exe
D:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
D:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Programmer\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Programmer\Internet Explorer\iexplore.exe
D:\Documents and Settings\Yonaz\Skrivebord\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Qxl Ricardo Toolbar - {DAA9F4A6-996D-44d7-AE05-E5449D517DF6} - C:\PROGRA~1\QXLRIC~1\QXLRIC~1\QXLTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [EmailChecker] C:\APPS\EmailChecker\ech.exe
O4 - HKLM\..\Run: [QXLDeamon] C:\Programmer\Qxl Ricardo\Qxl Ricardo Tools\QXLDeamon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] D:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Skype] "c:\apps\skype\phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cordless DUALphone opstart.lnk = C:\Programmer\Cordless USB Phone\Cordless DUALphone Suite.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141861173687
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D1A4220-D527-4FB1-B16C-D67EF514BEF6}: NameServer = 212.242.40.3,212.242.40.51
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
Avatar billede forevernewbie Nybegynder
06. juli 2006 - 09:54 #12
Så er din log ren.


Efter et virus/spyware angreb, er det altid en god ide at rydde op i systemgendannelses filerne. Deaktiver systemgendannelse (http://www.spywarefri.dk/virusscannere.htm#alle) - genstart din computer - aktiver systemgendannelse.

Hent ATF Cleaner her fra http://www.atribune.org/content/view/19/2/

Start ATF Cleaner. Sæt flueben i "Select all" (du kan undlade cookies, hvis du vil). Klik "Empty selected".

Link til sikring af din computer http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

Husk at "skjule" dine filer igen, hvis du har visning af skjulte filer aktiveret.

Hvad sagde virusscannerne til denne ?

C:\PROGRA~1\FÆLLES~1\zfim\zfimm.exe
Avatar billede jonas_a Nybegynder
06. juli 2006 - 10:13 #13
Så har jeg fået svar fra deres 72 timers "service". Der er bevislig intet hjælp at hente, hvis man skal snakke med en person. Alså uden timebetaling. Uforståligt fra min side.

Alt køre normalt igen, uden overraskelser. Tak forevernewbie og fromsej, det er en ren fornøjelse.

Jeg har et sidste spørgsmål angående antivirus, og firewall. Norton er banlyst hehe, men hvilken alternativt kan i anbefale jeg skal købe?

Venligs
Jonas


----- Original Message -----
From: <authorized_service@symantec.com>
To: "Jonas"
Sent: Wednesday, July 05, 2006 4:46 PM
Subject: Symantec Authorized

Til Jonas

Har hørt at du har fået virus endda også efter installering af Norton
Internet Security. For at på den bedst mulig måde at håndtere virus
foreslår jeg at du køre et Online Scan (instructioner nedenfor), dette scan
ville kunne hjælpe dig med at identificerer virus, fjerne instruktioner vil
så kunne findes.

Hvis du videre for brug for hjælp med at fjerne virus er du meget velkommen
at kontakte vores Virus Fjernelses Service og bestille en tid, tlf
35445720.

-------------------------------------

    Online Scanning (over internet)

Klik på nedenstående link for at starte en online scanning.
URL:
http://security.symantec.com/sscv6/home.asp?productid=symhome&langid=ie&venid=sym&close_parent=true


1)  Klik på start for Virus Detection
2)  Accepter licenaftale: "I accept" og "I consent"
3)  Accepter installation af ActiveX-program (se evt top-line(grumset gul)
og højre klik på den og accepter installation (eller popup))
4)  Du vil kunne se at computeren bliver scannet nå en tæller started til
venstre for den røde computer

Når scanning er færdig, kommer der en report op, denne vil informere om
computeren en inficeret. Eventuel hjælp til fjernelse findes på symantecs
hjemmeside (på engelsk).

--------------------------------------

Venlig hilsen
Signe M. Ingversen
Teknisk Support
Symantec Authorized Service Center

1. Prova gärna vårt nya Esupport verktyg helt gratis.
http://www.symantec.com/esupport

2. För att finna flera av Symantecs produkter och tjänster, klicka på
nedanstående link.
http://www.symantec.com/region/se/techsupp/

---------------------------------------------

Og da jeg skrev tilbage fik jeg dette auto-respons:

----- Original Message -----
From: <authorized_service@symantec.com>
To: "Jonas"
Sent: Thursday, July 06, 2006 9:24 AM
Subject: Re: Re: Symantec Authorized

NORTH AMERICA

This email is an automated response to an email that was sent to Authorized
Service at Symantec.

Email sent to Authorized Service by using the Reply function of an email
client cannot be answered.

To avoid this message in the future, please click on the link(s) provided
in the original email that you received from Authorized Service.

For assistance with another issue, please point your web browser to
http://www.symantec.com/techsupp/


EUROPEAN ENGLISH

This email is an automated response to an email that was sent to Authorized
Service at Symantec.

Email sent to Authorized Service by using the Reply function of an email
client cannot be answered.

To avoid this message in the future, please click on the link(s) provided
in the original email that you received from Authorized Service.

For assistance with another issue, please point your web browser to
http://www.symantec.com/region/reg_eu/techsupp/index.html


DEUTSCHLAND

Dies ist eine automatische Antwort auf eine E-Mail, die an den
authorisierten Dienstleister von Symantec gesandt wurde.

E-Mails, die mit der 'Antwort'-Funktion eines E-Mail-Clients an den
authorisierten Dienstleister versandt wurden, können nicht beantwortet
werden.

Bitte klicken Sie zum Versenden einer Nachricht auf die Verknüpfung(en),
die in der E-Mail enthalten ist/sind, die Sie von unserem authorisierten
Dienstleister erhalten haben.

Unterstützung bei anderen Themen erhalten Sie unter
http://www.symantec.com/region/de/techsupp/


FRANCE

Ceci est une réponse automatique à votre message adressé au Service
autorisé de Symantec.

Nous vous prions de ne pas répondre directement à cet e-mail. Pour poster
votre
message de réponse, veuillez cliquer sur le(s) lien(s) contenu(s) dans
l'e-mail original que vous
avez reçu du Service autorisé.

Pour toute autre question, veuillez vous rendre à l'adresse Internet
suivante http://www.symantec.com/region/fr/techsupp/


NEDERLAND

Dit is een automatisch verstuurd antwoord op een e-mail gestuurd aan de
geautoriseerde service-afdeling.

Het is onmogelijk te antwoorden op e-mails die naar de geautoriseerde
service-afdeling gestuurd worden door op de knop Antwoorden in uw
e-mailprogramma te klikken.

Klik alstublieft op de snelkoppeling(en) in het oorspronkelijke bericht dat
u van de geautoriseerde service-afdeling ontving om uw bericht te plaatsen.

Voor ondersteuning voor een ander probleem verwijzen wij u graag naar
http://www.symantec.com/region/nl/techsupp/


ITALIA

Questa è una risposta automatica all'e-mail da lei inviata al Servizio
autorizzato di Symantec.

La preghiamo di non rispondere direttamente a questo messaggio. Per crearne
uno
nuovo di risposta la invitiamo a fare clic sul collegamento fornito nel
messaggio iniziale del Servizio autorizzato.

Se desidera ulteriore assistenza la preghiamo di visitare il sito
http://www.symantec.com/region/it/techsupp/


ESPAÑOL

Este correo electrónico es una respuesta automatizada a un correo
electrónico enviado al Servicio de Atención Autorizado.

Por favor tengan en cuenta que no es posible contestar directamente a este
correo electrónico. Para mandar su respuesta, por favor haga clic en el
vínculo que aparece en el
correo electrónico inicial enviado por el Servicio de Atención Autorizado.

Para obtener ayuda con otro problema, diríjase a la dirección de internet
http://www.symantec.com/region/mx/techsupp/


NORDIC

Detta är ett automatisk email svar på en email some skickades till Symantec
Customer Support.

Vi kan inte svara på emails som skickas till Customer Support genom 'Svara
på sändare' funktionen.

För att undvika detta meddelande i framtiden, var god klicka på en av
linkarna i den originella emailen du fick
från Customer Support.

För hjälp med ytterligare frågor, var god klicka på följande link:

http://www.symantec.com/region/se/techsupp


PORTUGUESE

Esta  é uma resposta automática a um email enviado ao Serviço Autorizado
Symantec.

Email enviado ao Serviço Autorizado Symantec através da função
"Responder/Reply" de programas de correio eletrônico não podem ser
respondidos.
Para evitar receber esta mensagem no futuro, por favor clique no(s) link(s)
fornecido no email original enviado pelo Serviço Autorizado Symantec.

Para auxílio em qualquer outro assunto, por favor visite o site
http://www.symantec.com/region/br/techsupp
Avatar billede jonas_a Nybegynder
06. juli 2006 - 10:45 #14
C:\PROGRA~1\FÆLLES~1\zfim\zfimm.exe

Den sagde ikke noget til den, men jeg har slettet den. Der var en masse filer uden noget efternavn. Og den ene jeg gik ind i stod der asian porn en masse gange, så jeg regnede med at den ikke var en windows opdatering.
Avatar billede jonas_a Nybegynder
06. juli 2006 - 10:47 #15
Jeg bukker ydmygt og takker mange gange for jeres hjælp.
Avatar billede jonas_a Nybegynder
06. juli 2006 - 10:48 #16
Skal jeg gøre noget for at give jer point?
Avatar billede forevernewbie Nybegynder
06. juli 2006 - 22:26 #17
Jeg kan kun gentage: Norton i en nøddeskal. Prøv at kigge her, efter både gratis og købe beskyttelse http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

Jeg mener at denne pakke er et godt bud http://spywarefri-shop.dk/index.php?cPath=46
Bemærk licensen kører i to år.

Fromsej og jeg finder selv ud af at dele pointene *S*.
Avatar billede fromsej Praktikant
07. juli 2006 - 09:00 #18
Jeg skal ikke have point for den smule.*S*
Avatar billede forevernewbie Nybegynder
07. juli 2006 - 10:17 #19
Nu har jeg lagt dem her http://www.eksperten.dk/spm/719440 så kom nu med et svar, så jeg kan få lukket ;)
Avatar billede fromsej Praktikant
07. juli 2006 - 13:38 #20
Jeg har været der.*S*
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester